Arbitrary Code Execution Vulnerability in HP Support Assistant
CVE-2018-5927

7.3HIGH

Key Information:

Vendor: HP
Status: HP Support Assistant
Vendor: CVE Published:; 27 March 2019

What is CVE-2018-5927?

An arbitrary code execution vulnerability exists in HP Support Assistant prior to version 8.7.50.3. This flaw allows an unauthorized user with local access to the system to execute arbitrary code, potentially compromising the integrity and confidentiality of the operating environment. Users are recommended to upgrade to the latest version to mitigate this risk.

Affected Version(s)

HP Support Assistant Before 8.7.50.3

References

https://support.hp.com/us-en/document/c06242762

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2019
Vulnerability Reserved
Jan 19, 2018