HP SAN/iQ Virtual SAN Appliance Second Parameter Command Execution Vulnerability

Information

Severity

High

Family

General

CVSSv2 Base

7.7

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

11 years ago

Modified

5 years ago

Summary

This host is running HP SAN/iQ Virtual SAN Appliance and is prone to a remote command execution vulnerability.

Insight

The flaw is due to an error in 'lhn/public/network/ping', which does not properly handle shell metacharacters in the second parameter.

Affected Software

HP SAN/iQ versions prior to 9.5 on HP Virtual SAN Appliance

Solution

Upgrade to HP SAN/iQ 9.5 or later.

Common Vulnerabilities and Exposures (CVE)