CVE-2012-2986

high

HPE

CVSS v3 Base Score

7.7

AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS Score

5.2%

Exploitation probability in 30 days

Top 10% most likely to be exploited

Attack Characteristics

Attack Vector

Adjacent

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: August 20, 2012 (5015 days ago)

Last Modified: April 29, 2026

Vendor: HPE

Source: NVD

Description

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.

CWE

CWE-78

Affected Products

hp san\/iq

References

🔗 www.kb.cert.org 🔗 www.kb.cert.org

CVE-2012-2986

Vulnerability Report

Description

CWE

Affected Products

References