CVE-2012-4362
CVE-2012-4362 is a medium-severity vulnerability in Hp San/iq with a CVSS 2.0 base score of 4.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-255.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.0)
- EPSS exploit prediction: 3% (87th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-255
- Affected product: Hp San/iq
- Published:
- Last modified:
Description
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
Frequently asked questions
- What is CVE-2012-4362?
- hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
- How severe is CVE-2012-4362?
- CVE-2012-4362 has a CVSS 2.0 base score of 4.0, rated medium severity.
- Is CVE-2012-4362 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (87th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-4362?
- CVE-2012-4362 affects Hp San/iq. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2012-4362?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-4362 published?
- CVE-2012-4362 was published on 2012-08-20 and last updated on 2026-06-16.
References
- http://www.exploit-db.com/exploits/18893/
- http://www.exploit-db.com/exploits/18901/
- http://www.kb.cert.org/vuls/id/441363
Affected products (1)
- cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*
More vulnerabilities in Hp San/iq
- CVE-2012-3285 — Critical (CVSS 10.0): Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote…
- CVE-2012-3284 — Critical (CVSS 10.0): Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote…
- CVE-2012-3283 — Critical (CVSS 10.0): Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote…
- CVE-2012-3282 — Critical (CVSS 10.0): Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote…
- CVE-2011-4157 — Critical (CVSS 10.0): Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance…
- CVE-2013-2352 — Critical (CVSS 9.4): LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling…
All CVEs affecting Hp San/iq →
Other CWE-255 (Credentials Management Errors) vulnerabilities
- CVE-2016-0898 — Critical (CVSS 10.0): MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were…
- CVE-2015-7906 — Critical (CVSS 10.0): LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash…
- CVE-2015-7856 — Critical (CVSS 10.0): OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access…
- CVE-2014-9736 — Critical (CVSS 10.0): GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key…
- CVE-2014-7233 — Critical (CVSS 10.0): GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu,…
- CVE-2014-7232 — Critical (CVSS 10.0): GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser…
Browse all CWE-255 (Credentials Management Errors) vulnerabilities →