1. Home
  2. CVE Database
  3. CVE-2013-2352
HIGH · 9.4

CVE-2013-2352

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for ...

Vulnerability Description

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

CVSS Score

9.4

HIGH

AV:N/AC:L/Au:N/C:N/I:C/A:C
Confidentiality
NONE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
HpSan\/Iq<= 10.5
DellPoweredge 2950All versions
HpDl320SAll versions
HpLefthand Nsm2060All versions
HpLefthand Nsm2060 G2All versions
HpLefthand Nsm2120 G2All versions
HpLefthand VsaAll versions
HpP4000 VsaAll versions
HpP4300All versions
HpP4300 G2All versions
HpP4500All versions
HpP4500 G2All versions
HpP4900 G2All versions
HpStorevirtual 4130All versions
HpStorevirtual 4330All versions
HpStorevirtual 4530All versions
HpStorevirtual 4630All versions
HpStorevirtual 4730All versions
HpStorevirtual VsaAll versions
IbmX3650All versions

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2013-2352?

CVE-2013-2352 is a vulnerability with a CVSS score of 9.4 (HIGH). LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for ...

How severe is CVE-2013-2352?

CVE-2013-2352 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2352?

Check the references section above for vendor advisories and patch information. Affected products include: Hp San\/Iq, Dell Poweredge 2950, Hp Dl320S, Hp Lefthand Nsm2060, Hp Lefthand Nsm2060 G2.