Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP StorageWorks P2000 G3 directory traversal vulnerability
Informations
Name VU#885499 First vendor Publication 2012-02-20
Vendor VU-CERT Last vendor Modification 2012-03-02
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#885499

HP StorageWorks P2000 G3 directory traversal vulnerability

Overview

HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.

I. Description

HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.

This vulnerability was also reported to ZDI by another researcher and was disclosed publicly.

II. Impact

A remote unauthenticated attacker could obtain sensitive information.

III. Solution

Apply Update


The vendor has reported this issue has been addressed in the TS230P008 firmware.
Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent XSS or CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing a HP StorageWorks P2000 G3 using stolen credentials from a blocked network location.

Vendor Information

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected2011-11-182012-03-02

References

http://www.zerodayinitiative.com/advisories/ZDI-12-015/
http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/12169-304616-241493-241493-241493-4118559.html?dnr=1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&task
Id=110&prodSeriesId=4118559&prodTypeId=12169&objectID=c03098935&prodTypeId=32929
0&prodSeriesId=1143842

Credit

Thanks to Thomas Leonardo of The Cooperative Bank for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public:2012-01-13
Date First Published:2012-02-20
Date Last Updated:2012-03-02
CERT Advisory: 
CVE-ID(s):CVE-2011-4788
NVD-ID(s):CVE-2011-4788
US-CERT Technical Alerts: 
Severity Metric:0.00
Document Revision:11

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/885499

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1

OpenVAS Exploits

Date Description
2012-02-21 Name : HP StorageWorks Default Accounts and Directory Traversal Vulnerabilities
File : nvt/gb_hp_storageworks_51399.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78307 HP StorageWorks P2000 G3 URI Traversal Arbitrary File Access

Nessus® Vulnerability Scanner

Date Description
1999-11-05 Name : The remote web server is affected by a directory traversal vulnerability.
File : web_traversal.nasl - Type : ACT_ATTACK