CVE-2012-2986

Name of the Vulnerable Software and Affected Versions HP SAN/iQ version 9.5 on the HP Virtual SAN Appliance

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain parameters. This is due to an incomplete fix for a previous issue.

Recommendations For HP SAN/iQ version 9.5 on the HP Virtual SAN Appliance, avoid using shell metacharacters in the first, third, or fourth parameter of the lhn/public/network/ping endpoint until a complete fix is available. As a temporary workaround, consider restricting access to the lhn/public/network/ping endpoint to minimize the risk of exploitation.