Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSh2kerrPACKETSTORM:85012
HistoryJan 11, 2010 - 12:00 a.m.

HP StorageWork 1/8 G2 Tape Autoloader Privilege Escalation

2010-01-1100:00:00
Sh2kerr
packetstormsecurity.com
22

EPSS

0.037

Percentile

91.8%

JSON
`[DSECRG-09-011] HP StorageWorks 1/8 G2 Tape Autoloader - privilege escalation, DOS  
  
A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.  
Default unprivileged user can escalate privileges to the administrator and execute DOS attack.  
  
  
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011  
  
  
Application: HP StorageWorks 1/8 G2 Tape Autoloader  
Versions Affected: firmware v 2.30 and earlier  
Vendor URL: http://hp.com/  
Bug: Privilege escalation  
Exploits: YES  
Reported: 30.09.2008  
Vendor Response: 30.09.2008  
Date of Public Advisory: 11.01.2010  
Solution: yes  
CVE: CVE-2009-2680  
CVSS 2.0: 8.5  
Author: Alexandr Polyakov  
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)  
  
  
  
Description  
***********  
A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.  
A default unprivileged user can escalate privileges to the administrator.  
  
  
Details  
*******  
  
An attacker can connect with standard credentials  
(username: user and password: user).  
After that he can see the cookies like that:  
  
RMU_LEVEL 1  
RMU_LOGIN 9999  
RMU_SESSION 5  
  
  
Then if he changes the RMU_LEVEL parameter to 2, he can be authorized as administrator.  
After that he can do anything possible using administrative rights.  
  
  
Solution  
********  
  
Install the following patches  
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405  
  
References  
**********  
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405  
http://dsecrg.com/pages/vul/show.php?id=111  
  
About  
*****  
  
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.  
  
  
Contact: research [at] dsecrg [dot] com  
http://www.dsecrg.com  
  
  
  
  
`

Related

securityvulns 2
cvelist 1
nvd 1
cve 1
prion 1
securityvulns
securityvulns
[DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS
2010-02-04 00:00:00
HP StorageWorks Tape Autoloader privilege escalation
2010-02-04 00:00:00
cvelist
cvelist
CVE-2009-2680
2009-09-24 16:00:00
nvd
nvd
CVE-2009-2680
2009-09-24 16:30:01
cve
cve
CVE-2009-2680
2009-09-24 16:30:01
prion
prion
Code injection
2009-09-24 16:30:00

EPSS

0.037

Percentile

91.8%

JSON
Related for PACKETSTORM:85012
securityvulns2cvelist1nvd1cve1prion1