Executive Summary

Summary
Title HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
Informations
Name HPSBST02620 SSRT100356 First vendor Publication 2010-12-15
Vendor HP Last vendor Modification 2010-12-23
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP StorageWorks Modular Smart Array P2000 G3. This vulnerability could be exploited to allow remote unauthorized access.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660754

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

Open Source Vulnerability Database (OSVDB)

Id Description
69930 HP StorageWorks Modular Smart Array Admin Account Default Password

By default, HP StorageWorks Modular Smart Array installs with a default password. The admin account has a password of !admin which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-12-22 IAVM : 2010-B-0118 - HP StorageWorks Unauthorized Access Vulnerability
Severity : Category I - VMSKEY : V0025866

Nessus® Vulnerability Scanner

Date Description
2010-12-23 Name : The remote device has an account with default credentials.
File : hp_storageworks_admin_default_creds.nasl - Type : ACT_GATHER_INFO