Security Flaw in HP Support Assistant Software Impacting Integrity and Client Communication
CVE-2020-6917

7.8HIGH

Key Information:

Vendor: HP
Status: HP Support Assistant
Vendor: CVE Published:; 16 February 2022

Summary

HP Support Assistant software is susceptible to vulnerabilities that may allow unauthorized manipulation of data and provide avenues for untrusted client communications. This poses a risk to the integrity of the software and the security of the user's system, stressing the importance of keeping the software updated and configured correctly.

Affected Version(s)

HP Support Assistant before 9.11

References

https://support.hp.com/us-en/document/ish_5585999-5586023-16

x_refsource_MISC

https://github.com/mandiant/Vulnerability-Disclosures/blo...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Jan 13, 2020