(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
ZDI-12-015: January 12th, 2012
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 361,1125,2400. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability.
The specific flaws exist within the web interface listening on TCP port 80. A directory traversal flaw allows a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. A remote attacker can leverage this to perform any task an administrator is able to.
Vendor Response
Hewlett-Packard states:
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.
HP states that a patch for this vulnerability will be made available to the public "soon." Until that time, it is recommended that administrators of StorageWorks systems restrict access to the web interface on 80/tcp to authorized hosts only.
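One way to check that the recommended restriction on 80/tcp is actually in effect, as an added example that is not part of the original advisory: the script audits firewall log lines for allowed connections to the array's web interface from hosts outside an allowlist. The log format, the addresses (documentation ranges), the sample lines and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): the array's management address, the
# authorized admin network, and a space-separated firewall log format:
#   <timestamp> <action> <proto> <src_ip>:<src_port> <dst_ip>:<dst_port>
MGMT_ADDR = ipaddress.ip_address("192.0.2.10")
MGMT_PORT = 80
AUTHORIZED = [ipaddress.ip_network("198.51.100.0/28")]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
2012-01-13T09:00:01Z ALLOW tcp 198.51.100.5:50112 192.0.2.10:80
2012-01-13T09:02:17Z ALLOW tcp 203.0.113.77:41000 192.0.2.10:80
2012-01-13T09:02:19Z DENY tcp 203.0.113.78:41001 192.0.2.10:80
2012-01-13T09:05:40Z ALLOW tcp 203.0.113.77:41002 192.0.2.10:443
2012-01-13T09:06:02Z ALLOW udp 203.0.113.77:5353 192.0.2.10:80
this line is malformed
2012-01-13T09:08:00Z ALLOW tcp 203.0.113.77:41003 192.0.2.10:80
"""

def split_endpoint(text):
    """Split 'ip:port' into (ip_address, port); raises ValueError if invalid."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def audit(log_text):
    """Count allowed TCP connections to the management web interface from
    sources outside AUTHORIZED. Returns (Counter by source, unparsed lines)."""
    violations, skipped = Counter(), 0
    for line in log_text.splitlines():
        try:
            _, action, proto, src, dst = line.split()
            src_ip, _ = split_endpoint(src)
            dst_ip, dst_port = split_endpoint(dst)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        to_mgmt = proto == "tcp" and dst_ip == MGMT_ADDR and dst_port == MGMT_PORT
        allowed_src = any(src_ip in net for net in AUTHORIZED)
        if action == "ALLOW" and to_mgmt and not allowed_src:
            violations[str(src_ip)] += 1
    return violations, skipped

if __name__ == "__main__":
    found, unparsed = audit(SAMPLE_LOG)
    for src, count in sorted(found.items()):
        print(f"unauthorized: {src} -> {MGMT_ADDR}:{MGMT_PORT} ({count} connections)")
    print(f"unparsed lines: {unparsed}")
```

Any source reported here reached the web interface despite the intended restriction, so the filtering rule in front of the array needs correcting; unparsed lines are counted rather than silently dropped so gaps in the audit are visible.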
2011-06-01 - Vulnerability reported to vendor
2012-01-12 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
Carlos Perez at Tenable Network Security