Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application: HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug: Privilege escalation
Exploits: YES
Reported: 30.09.2008
Vendor Response: 30.09.2008
Date of Public Advisory: 10.01.2010
Solution: yes
CVE: CVE-2009-2680
CVSS 2.0: 8.5
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Description
Vulnerability found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.
Default unprivileged user can escalate privileges to administrator.
Details
http://dsecrg.com/pages/vul/show.php?id=111
About
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and
penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
Polyakov Alexandr. PCI QSA.
Head of security audit department
Head of Digital Security Research Group
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]
www.dsec.ru
www.dsecrg.com
www.pcidss.ru
Polyakov Alexandr
Head of security audit department
Head of Digital Security Research Group
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]
www.dsec.ru