Overview
The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection (CWE-77) vulnerability.
Description
Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a total of four parameters. The initial fix has only sanitized the input for one of the four parameters. Command injection is still possible against the other three parameters. |
Impact
An authenticated attacker can run arbitrary commands on the appliance. |
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workarounds. |
Restrict access |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.7 | AV:A/AC:L/Au:S/C:C/I:C/A:C |
| Temporal | 6.2 | E:POC/RL:U/RC:UC |
| Environmental | 6.2 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2012-2986 |
| Date Public: | 2012-08-17 |
| Date First Published: | 2012-08-17 |
| Date Last Updated: | 2012-08-17 22:08 UTC |
| Document Revision: | 17 |