Local Authentication Bypass in HPE NonStop Server Products
CVE-2017-8974

4.4MEDIUM

Key Information:

Vendor: HP
Status: Nonstop Server
Vendor: CVE Published:; 18 December 2017

Summary

A local authentication restriction bypass vulnerability exists in specific versions of HPE NonStop Server systems. This flaw could allow attackers with local access to bypass authentication controls, granting unauthorized users access to restricted resources. HPE has released documentation to assist users in understanding this vulnerability and mitigating potential threats. It is crucial for administrators to review their system versions and apply any necessary updates to safeguard against this security risk.

Affected Version(s)

NonStop Server L-Series: T6533L01 through T6533L01^ADN

NonStop Server J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102530

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2017
Vulnerability Reserved
May 15, 2017