Privilege Escalation Vulnerability in HP-UX Products by HP
CVE-2015-2126

Currently unrated

Key Information:

Vendor: HP
Status: HP-ux
Vendor: CVE Published:; 6 July 2015

Summary

A local privilege escalation vulnerability exists in the pppoec component of HP's HP-UX operating system versions 11iv2 and 11iv3. This flaw allows local users to gain unauthorized privileges by exploiting certain setuid permissions. An attacker with local access could leverage this vulnerability to execute commands with higher privileges than permitted, potentially compromising sensitive information and system integrity. Organizations using the affected versions are advised to assess their security posture and implement mitigations as recommended by HP.

References

http://www.securityfocus.com/bid/75462

vdb-entryx_refsource_BID

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1032746

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 6, 2015
Vulnerability Reserved
Feb 27, 2015