CVE-2010-4115:storageworks_modular_smart_array_p2000_g3_firmware: HP StorageWorks Modular Smart Array P2000 G3 firmwa...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4115

storageworks_modular_smart_array_p2000_g3_firmware: HP StorageWorks Modular Smart Array P2000 G3 firmwa...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4115

Original

HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-17

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-20

Affected Product Tags

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts100p002

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts100r011

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts100r025

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts200r005

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts201r014

cpe:/a:hp:storageworks_modular_smart_array_p2000_g3_firmware:ts201r015

cpe:/h:hp:storageworks_modular_smart_array_p2000_g3

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 45386

BUGTRAQ 20101215 Re: hidden admin user on every HP MSA2000 G3

BUGTRAQ 20101213 Re: hidden admin user on every HP MSA2000 G3

BUGTRAQ 20101213 hidden admin user on every HP MSA2000 G3

FULLDISC 20101213 hidden admin user on every HP MSA2000 G3

HP HPSBST02620

HP SSRT100356

SECTRACK 1024904

SECUNIA 42583

VUPEN ADV-2010-3250

Vulnerability Type Credentials Management (CWE-255)

XF storageworks-default-account(64125)