CVE-2021-29218

Description

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Related CPE's

ahpeagentless_management********

omicrosoftwindows-*****x64*

ahpeproliant_agentless_management********

hhpeapollo_6500-*******

hhpeapollo_6500_gen10_plus-*******

hhpeapollo_80-*******

hhpeapollo_20-*******

hhpeproliant_dl-*******

hhpeproliant_ml-*******

hhpesynergy_480_gen9-*******

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us

Vendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

HIGH

BaseScore

6.7

VectorString

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

4.599999904632568

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io