File Extraction Vulnerability in HP Support Assistant by HP
CVE-2017-2744

5.5MEDIUM

Key Information:

Vendor: HP
Status: HP Support Assistant
Vendor: CVE Published:; 23 January 2018

Summary

A vulnerability exists in HP Support Assistant prior to version 12.7.26.1 that permits unauthorized attackers to extract binaries to secure directories within the file system. This can lead to potential exploitation of system integrity and sensitive data exposure, which poses a significant risk to affected systems. HP has addressed this issue in the latest software versions, and affected users are urged to upgrade promptly to mitigate potential security threats.

Affected Version(s)

HP Support Assistant before 12.7.26.1

References

https://support.hp.com/us-en/document/c05648974

vendor-advisoryx_refsource_HP

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2018
Vulnerability Reserved
Dec 1, 2016