Detections
Analytics
HP B-series SAN Network Advisor < 12.1.1 Remote Code Execution (Linux)
critical Nessus Plugin ID 72178
Language:
Synopsis
The remote host has an application that is affected by a remote code execution vulnerability.Description
The version of HP B-series SAN Network Advisor on the remote Linux host is a version prior to 12.1.1. As such, it is affected by a remote code execution vulnerability.It should be noted that while the associated references report on a remote code execution vulnerability in EMC Connectrix Manager Converged Network Edition, HP B-series SAN Network Advisor is the same product under an HP name and is, therefore, also affected. Moreover, the issue is actually due to a third-party product from Brocade.
Solution
Upgrade to HP B-series SAN Network Advisor 12.1.1 or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-13-278/
https://www.zerodayinitiative.com/advisories/ZDI-13-279/
https://www.zerodayinitiative.com/advisories/ZDI-13-280/
https://www.zerodayinitiative.com/advisories/ZDI-13-281/
https://www.zerodayinitiative.com/advisories/ZDI-13-282/
https://www.zerodayinitiative.com/advisories/ZDI-13-283/
http://attrition.org/pipermail/vim/2014-January/002755.html
http://www.nessus.org/u?f70e4bba
https://www.securityfocus.com/archive/1/530357/30/0/threaded
Plugin Details
Severity: Critical
ID: 72178
File Name: hp_b-series_san_network_advisor_linux_12_1_1.nasl
Version: 1.12
Type: local
Family: General
Published: 1/28/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:hp:b_series_san_network_advisor
Required KB Items: Host/HP B-Series SAN Network Advisor/Installed
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/16/2013
Vulnerability Publication Date: 12/16/2013
Reference Information
CVE: CVE-2013-6810
BID: 64242