{"vuid":"VU#441363","idnumber":"441363","name":"HP Virtual SAN appliance root shell command injection","keywords":["HP","Virtual SAN","command injection","cwe-77"],"overview":"The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection (CWE-77) vulnerability.","clean_desc":"Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a total of four parameters. The initial fix has only sanitized the input for one of the four parameters. Command injection is still possible against the other three parameters.","impact":"An authenticated attacker can run arbitrary commands on the appliance.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workarounds.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an HP Virtual SAN appliance using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Tenable Network Security for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://cwe.mitre.org/data/definitions/77.html","http://www.exploit-db.com/exploits/18893/"],"cveids":["CVE-2012-2986"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-03T14:44:07Z","publicdate":"2012-08-17T00:00:00Z","datefirstpublished":"2012-08-17T22:08:50Z","dateupdated":"2012-08-17T22:08:53Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.7","cvss_basevector":"AV:A/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"6.2","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}