Detections
Analytics
HP LeftHand Virtual SAN Appliance < 10.0 hydra Service Multiple RCE
critical Nessus Plugin ID 64633
Language:
Synopsis
A management service on the remote host has multiple remote code execution vulnerabilities.Description
According to the version fingerprinted by Nessus, the remote host is an HP LeftHand Virtual SAN Appliance prior to version 10.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities in the hydra service.Solution
Upgrade to HP LeftHand Virtual SAN Appliance version 10.0 or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-13-014/
https://www.zerodayinitiative.com/advisories/ZDI-13-015/
https://www.zerodayinitiative.com/advisories/ZDI-13-016/
https://www.zerodayinitiative.com/advisories/ZDI-13-017/
https://www.zerodayinitiative.com/advisories/ZDI-13-179/
http://www.nessus.org/u?be9b75d5
https://www.securityfocus.com/archive/1/527020/30/0/threaded
Plugin Details
Severity: Critical
ID: 64633
File Name: hp_vsa_10_0.nasl
Version: 1.13
Type: remote
Family: Gain a shell remotely
Published: 2/14/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/5/2013
Vulnerability Publication Date: 2/5/2013
Exploitable With
Metasploit (HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow)
Reference Information
CVE: CVE-2012-3282, CVE-2012-3283, CVE-2012-3284, CVE-2012-3285, CVE-2013-2343
HP: HPSBST02846, SSRT100798, emr_na-c03661318
ZDI: ZDI-13-014, ZDI-13-015, ZDI-13-016, ZDI-13-017, ZDI-13-179