CVE-2013-2352

Published: Jul 10, 2013Modified: Apr 29, 2026

9.4

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Exploitability: 10.0 / Impact: 9.2

Source: NVD

Description

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

Affected (7)

Products: Hp: San/iq

1 product

San/iq

Configuration A

7 vulnerable · 19 platform

Vulnerable Software	Affected Versions
Hp San/iq	Up to 10.5
Hp San/iq	Version 10.0
Hp San/iq	Version 8.0
Hp San/iq	Version 8.1
Hp San/iq	Version 8.5
Hp San/iq	Version 9.0
Hp San/iq	Version 9.5

Running on/with	Platform Versions
Dell Poweredge 2950	All versions
Hp Dl320s	All versions
Hp Lefthand Nsm2060	All versions
Hp Lefthand Nsm2060 G2	All versions
Hp Lefthand Nsm2120 G2	All versions
Hp Lefthand Vsa	All versions
Hp P4000 Vsa	All versions
Hp P4300	All versions
Hp P4300 G2	All versions
Hp P4500	All versions
Hp P4500 G2	All versions
Hp P4900 G2	All versions
Hp Storevirtual 4130	All versions
Hp Storevirtual 4330	All versions
Hp Storevirtual 4530	All versions
Hp Storevirtual 4630	All versions
Hp Storevirtual 4730	All versions
Hp Storevirtual Vsa	All versions
Ibm X3650	All versions

Related CWEs

CWE-255

References (4)

http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Source: hp-security-alert@hp.com

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: hp-security-alert@hp.com

Vendor Advisory

http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.