Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.
efef31e729581273d43acf86536cbf3cf65886fa8a51dab225bf70b406583cb8