File Write Vulnerability in HPE Network Automation Software
CVE-2016-4386

7.8HIGH

Key Information:

Vendor

HP
Status
Network Automation
Vendor
CVE Published:
29 September 2016

What is CVE-2016-4386?

HPE Network Automation Software version 10.10 contains a vulnerability that permits local users to write to arbitrary files through unspecified vectors. This concern may pose a risk to users by allowing unauthorized access to sensitive system files or configurations, potentially compromising the integrity and security of the software environment. Stakeholders are recommended to assess their systems for this vulnerability and apply any available mitigations.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93218
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036929
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4386 : File Write Vulnerability in HPE Network Automation Software