Advisory Details

January 12th, 2012

(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities

ZDI-12-015
ZDI-CAN-1243

CVE ID CVE-2011-4788
CVSS SCORE 9.0, AV:N/AC:L/Au:N/C:C/I:P/A:P
AFFECTED VENDORS Hewlett-Packard
AFFECTED PRODUCTS StorageWorks P2000 G3
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter IDs 361, 1125 and 2400. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability.

The specific flaws exist within the web interface listening on TCP port 80. A directory traversal flaw allows a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. A remote attacker can leverage this to perform any task an administrator is able to.

ADDITIONAL DETAILS


This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

-- Mitigation:
HP states that a patch for this vulnerability will be made available to the public "soon." Until that time, it is recommended that administrators of StorageWorks systems restrict access to the web interface on 80/tcp to authorized hosts only.
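
One way to check that the 80/tcp restriction recommended above is actually in force is to audit firewall or flow logs for permitted connections to the array's web interface from hosts outside the authorized set. The following is an added example, not part of the original advisory or any HP or ZDI tooling; the addresses, the allowlist and the six-field log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values: management addresses of the array and the admin allowlist.
ARRAY_ADDRS = {ipaddress.ip_address("192.0.2.10"),
               ipaddress.ip_address("192.0.2.11")}
AUTHORIZED = [ipaddress.ip_network("198.51.100.0/28"),
              ipaddress.ip_network("203.0.113.5/32")]
WEB_PORT = 80  # web interface port named in the advisory

# Constructed sample records: timestamp src dst dst_port proto action
SAMPLE_FLOWS = """\
2012-01-13T08:00:01Z 198.51.100.4 192.0.2.10 80 tcp ALLOW
2012-01-13T08:02:17Z 10.20.30.40 192.0.2.10 80 tcp ALLOW
2012-01-13T08:05:42Z 10.20.30.40 192.0.2.10 443 tcp ALLOW
2012-01-13T08:07:09Z 203.0.113.5 192.0.2.11 80 tcp ALLOW
2012-01-13T08:09:30Z 172.16.9.9 192.0.2.11 80 tcp DENY
2012-01-13T08:11:55Z 203.0.113.6 192.0.2.11 80 tcp ALLOW
malformed line
"""


def is_authorized(src_ip):
    """True if the source address falls inside any authorized network."""
    return any(src_ip in net for net in AUTHORIZED)


def audit(flow_text):
    """Return (violations, skipped): permitted flows to 80/tcp on the array
    from unauthorized sources, and the count of unparsable lines."""
    violations, skipped = [], 0
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            skipped += 1
            continue
        ts, src, dst, port, proto, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            skipped += 1
            continue
        if dst_ip not in ARRAY_ADDRS or port != WEB_PORT or proto.lower() != "tcp":
            continue  # not traffic to the array's web interface
        if action.upper() == "ALLOW" and not is_authorized(src_ip):
            violations.append((ts, src, dst))
    return violations, skipped


if __name__ == "__main__":
    found, bad = audit(SAMPLE_FLOWS)
    for ts, src, dst in found:
        print(f"{ts} unauthorized source {src} reached {dst}:{WEB_PORT}/tcp")
    print(f"{bad} line(s) skipped as unparsable")
```

Any violation reported means the access restriction is incomplete for that source and the filtering rule in front of the array should be tightened.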


DISCLOSURE TIMELINE
  • 2011-06-01 - Vulnerability reported to vendor
  • 2012-01-12 - Coordinated public release of advisory
CREDIT Carlos Perez at Tenable Network Security