Local User Privilege Escalation in HP Operations Agent by HP
CVE-2014-2630

Currently unrated

Key Information:

Vendor

HP
Status
Operations Agent
Vendor
CVE Published:
12 August 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 13%

What is CVE-2014-2630?

A local user vulnerability exists in HP Operations Agent 11.00 when utilizing Glance, allowing unauthorized privilege escalation through undetermined vectors. This flaw can potentially impact system security by enabling local users to gain elevated access, posing risks to sensitive data and overall system integrity. It is crucial for organizations using this product to apply necessary patches and security measures to mitigate potential exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2014-2630
Created by Rapid7

perf-exploiter
Created by redtimmy

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/95181
vdb-entryx_refsource_XF
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-2630 : Local User Privilege Escalation in HP Operations Agent by HP