A security vulnerability has been discovered in the HP StorageWorks P4000 Virtual SAN Appliance Software package that a local attacker can exploit to execute arbitrary commands and compromise a vulnerable system.
Package:
HP StorageWorks P4000 Virtual SAN Appliance Software 9.x
Operating systems:
HP-UX 10.x, HP-UX 11.x
Problem:
error in a software component
Exploitation:
local
Consequence:
arbitrary command execution
Solution:
no patch available
Original advisory ID:
SA50341
Source:
Secunia
Problem:
The vulnerability is caused by an error in the "hydra" component, which does not adequately check authentication when performing administrative tasks.
Consequence:
The flaw allows attackers to execute arbitrary commands. Successful exploitation involves sending a specially crafted command to TCP port 13841.
HP StorageWorks P4000 Virtual SAN Appliance Software Unspecified Command Execution Vulnerability
Secunia Advisory SA50341
Release Date 2012-08-23
Criticality level Moderately critical
Impact System access
Where From local network
Solution Status Unpatched
Software:
HP StorageWorks P4000 Virtual SAN Appliance Software 9.x
CVE Reference(s) No CVE references.
Description
A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.
An error within the hydra component does not properly check for authentication when performing administrative tasks and can be exploited to execute arbitrary commands by sending a specially crafted command to TCP port 13841.
The vulnerability is reported in version 9.5. Other versions may also be affected.
Solution
No official solution is currently available.
Provided and/or discovered by
e6af8de8b1d4b2b6d5ba2610cbf9cd38 via ZDI.
Original Advisory
http://www.zerodayinitiative.com/advisories/ZDI-12-166/