Credit:
The information has been provided by Alexandr Polyakov.
The original article can be found at: http://dsecrg.com/pages/vul/show.php?id=111
Vulnerable Systems:
* HP StorageWorks 1/8 G2 Tape Autoloader v2.30 and earlier
A default unprivileged user can escalate privileges to administrator. After connecting with standard credentials (for example, username: user and password: user), an attacker receives the following cookies:
RMU_LEVEL 1
RMU_LOGIN 9999
RMU_SESSION 5
By simply changing the value of the RMU_LEVEL cookie from "1" to "2", the attacker is authenticated by the software as an Administrator. From that moment forward she is perceived as having Administrator rights.
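The root cause is that the privilege level is read back from a client-controlled cookie. The following is an added example, not code from the advisory or from HP firmware: it contrasts that flawed check with a server-side lookup and adds a simple tamper check for detection. Only the cookie names come from the advisory; the account table, session store and function names are assumptions.

```python
import secrets

# Constructed data for illustration (not taken from the device).
ACCOUNTS = {"user": 1, "admin": 2}   # login -> privilege level, held server-side
SESSIONS = {}                        # opaque session token -> login

def level_from_cookie(cookies):
    """Flawed pattern from the advisory: trust the client-supplied RMU_LEVEL."""
    try:
        return int(cookies.get("RMU_LEVEL", 0))
    except ValueError:
        return 0

def open_session(login):
    """Issue an unguessable token; the privilege level never leaves the server."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = login
    return {"RMU_SESSION": token}

def level_from_session(cookies):
    """Hardened pattern: resolve the level from server state, ignore RMU_LEVEL."""
    login = SESSIONS.get(cookies.get("RMU_SESSION", ""))
    return ACCOUNTS.get(login, 0)

def is_admin(level):
    return level >= 2

def tamper_detected(cookies):
    """Detection: a claimed RMU_LEVEL that disagrees with the server's record."""
    claimed = cookies.get("RMU_LEVEL")
    return claimed is not None and str(claimed) != str(level_from_session(cookies))

if __name__ == "__main__":
    cookies = open_session("user")
    cookies["RMU_LEVEL"] = "2"       # value edited client-side, as in the advisory
    print("cookie-trusting check grants admin:", is_admin(level_from_cookie(cookies)))
    print("server-side check grants admin:   ", is_admin(level_from_session(cookies)))
    print("tampering flagged for logging:    ", tamper_detected(cookies))
```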
Patch Availability:
Install the patches available at the following location:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405
CVE Information:
CVE-2009-2680
Disclosure Timeline:
30.09.2008 - Issue Reported
30.09.2008 - Vendor Response
11.01.2010 - Advisory published