Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:HP-SAN-IQ-CMD-INJ
Severity	Major
Recommended	No
Recommended Action	Drop
Category	APP
Keywords	HP SAN iQ Multiple Command Injection
Release Date	2014/09/18
Update Number	2420
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: HP SAN iQ Multiple Command Injection

This signature detects attempts to exploit a known vulnerability in the HP SAN iQ Appliance. A successful attack can lead to command injection within the context of the server.

Extended Description

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.

Affected Products

Hp san/iq 9.5

References

BugTraq: 55133
BugTraq: 55132
CVE: CVE-2012-2986
CVE: CVE-2012-4362
CVE: CVE-2012-4361

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: HP SAN iQ Multiple Command Injection

Extended Description

Affected Products

References