Info

Disclosure

Sep 24, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

StorageWorks Command View XP contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local user on the management station accesses Command View. This flaw may lead to a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released patches to address this vulnerability.

Products

Hewlett-Packard Development Company, L.P.	Command View XP	1.11
		1.11.1
		1.11.02
		1.30.00
		1.40.01
		1.40.04
		1.51.00
		1.52.00
		1.53.00
		1.53.01a
		1.53.05a
		1.60.00
		1.7A
		1.7B
		1.8b
		1.8a

References

Security Tracker: 1011407
Bugtraq ID: 11249
Secunia Advisory ID: 12655
ISS X-Force ID: 17490
CVE ID: 2004-1480 (see also: NVD)
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBST ......
Vendor URL: http://www.hp.com/products1/storage/products/disk_arrays/xpstoragesw/commandview/ ......

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Hewlett-Packard Development Company, L.P.

Command View XP

References

Credit