Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance
CVE-2013-2343

Currently unrated

Key Information:

Vendor: HP
Status: Lefthand Virtual San Appliance Hydra; Lefthand P4000 Virtual San Appliance; Lefthand Virtual San Appliance Hydra Software
Vendor: CVE Published:; 2 July 2013

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%

Summary

An unspecified vulnerability in the HP LeftHand Virtual SAN Appliance hydra software versions prior to 10.0 can potentially allow remote attackers to execute arbitrary code through unknown attack vectors. This poses significant risks to system integrity and confidentiality, necessitating prompt attention to affected deployments.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2013-2343
Created by Rapid7

References

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Aug 10, 2013
👾
Exploit known to exist
Aug 10, 2013
Vulnerability published
Jul 2, 2013