CVE-2013-2352 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2013-2352

Deferred

More Info Official Page

Source-hp-security-alert@hp.com

Published At-10 Jul, 2013 | 22:55

Updated At-11 Apr, 2025 | 00:51

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	9.4	HIGH	AV:N/AC:L/Au:N/C:N/I:C/A:C

Type: Primary

Version: 2.0

Base score: 9.4

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:N/I:C/A:C

CPE Matches

>>san\/iq>>Versions up to 10.5(inclusive)

cpe:2.3:a:hp:san\/iq:*:*:*:*:*:*:*:*

>>san\/iq>>8.0

cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:*

>>san\/iq>>8.1

cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:*

>>san\/iq>>8.5

cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:*

>>san\/iq>>9.0

cpe:2.3:a:hp:san\/iq:9.0:*:*:*:*:*:*:*

>>san\/iq>>9.5

cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*

>>san\/iq>>10.0

cpe:2.3:a:hp:san\/iq:10.0:*:*:*:*:*:*:*

>>poweredge_2950>>*

cpe:2.3:h:dell:poweredge_2950:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:dl320s:*:*:*:*:*:*:*:*

>>lefthand_nsm2060>>*

cpe:2.3:h:hp:lefthand_nsm2060:*:*:*:*:*:*:*:*

>>lefthand_nsm2060_g2>>*

cpe:2.3:h:hp:lefthand_nsm2060_g2:*:*:*:*:*:*:*:*

>>lefthand_nsm2120_g2>>*

cpe:2.3:h:hp:lefthand_nsm2120_g2:*:*:*:*:*:*:*:*

>>lefthand_vsa>>*

cpe:2.3:h:hp:lefthand_vsa:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:p4000_vsa:*:*:*:*:*:*:*:*

>>p4300>>*

cpe:2.3:h:hp:p4300:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:p4300_g2:*:*:*:*:*:*:*:*

>>p4500>>*

cpe:2.3:h:hp:p4500:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:p4500_g2:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:p4900_g2:*:*:*:*:*:*:*:*

>>storevirtual_4130>>*

cpe:2.3:h:hp:storevirtual_4130:*:*:*:*:*:*:*:*

>>storevirtual_4330>>*

cpe:2.3:h:hp:storevirtual_4330:*:*:*:*:*:*:*:*

>>storevirtual_4530>>*

cpe:2.3:h:hp:storevirtual_4530:*:*:*:*:*:*:*:*

>>storevirtual_4630>>*

cpe:2.3:h:hp:storevirtual_4630:*:*:*:*:*:*:*:*

>>storevirtual_4730>>*

cpe:2.3:h:hp:storevirtual_4730:*:*:*:*:*:*:*:*

>>storevirtual_vsa>>*

cpe:2.3:h:hp:storevirtual_vsa:*:*:*:*:*:*:*:*

IBM Corporation

>>x3650>>*

cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-255	Primary	nvd@nist.gov

CWE ID: CWE-255

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/	hp-security-alert@hp.com	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537	hp-security-alert@hp.com	Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537	hp-security-alert@hp.com	Vendor Advisory
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory

Hyperlink: http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory