HP SAN/iQ <= 10.0 Root Shell Command Injection
Critical Nessus Plugin ID 61612
Synopsis
A management service on the remote host has a command injection vulnerability.
Description
The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is required, but can be bypassed easily by using default, hard-coded credentials.
Solution
There is no known solution at this time.