ID: CVE-2015-2112
Type: cve
Reporter: cve@mitre.org
Modified: 2019-10-09T23:13:00

Description
Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

securityvulns

id: SECURITYVULNS:DOC:31900
title: [security bulletin] HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code
type: securityvulns
bulletinFamily: software
cvelist: CVE-2015-2112, CVE-2015-2113
published: 2015-04-13T00:00:00
modified: 2015-04-13T00:00:00
lastseen: 2018-08-31T11:10:58
edition: 1
href: https://vulners.com/securityvulns/SECURITYVULNS:DOC:31900
cvss: score 10.0, vector AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/
description:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04629160

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04629160
Version: 1

HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7
(WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote
Elevation of Privilege, Execution of Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-07
Last Updated: 2015-04-07

Potential Security Impact: Remote elevation of privilege, execution of code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP Thin
Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded
Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities
could be exploited remotely to allow elevation of privilege and execution of
code.

Note: HP Easy Deploy was bundled in versions of HP Easy Tools prior to
version 3.0.1.1650.

References:

CVE-2015-2112
CVE-2015-2113
SSRT101680

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Note: All versions of Easy Deploy running on Windows Embedded Standard 7
(WES7) Easy Deploy are vulnerable.

Following is a complete list of affected hardware platforms.

Hardware Platforms Affected:

HP t5540 Thin Client
HP t5740 Thin Client
HP t5740e Thin Client
HP t510 Flexible Thin Client
HP t610 Flexible Thin Client
HP t810 Flexible Thin Client

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2015-2112    (AV:N/AC:L/Au:S/C:C/I:C/A:C)       9.0
CVE-2015-2113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Junior Meijering for reporting this issue
security-alert@hp.com.

RESOLUTION

HP has removed HP Easy Deploy from the HP Easy Tools software package
beginning with version 3.0.1.1650.

HP recommends updating HP Easy Tools thin client management software to at
least version 3.0.1.1650 or later.

Alternatively, customers may choose to remove older versions of HP Easy Tools
containing HP Easy Deploy while logged in as an Administrator by using either
of the following methods:

Method 1: Remove HP Easy Tools from Add/Remove Program
Method 2: Execute the command Msiexec.exe
/x{EB60CBE5-19E8-4A62-AB13-1CF5FA4F9C82}

HISTORY
Version:1 (rev.1) - 7 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlUkVjoACgkQ4B86/C0qfVmPIQCg0pnr2/51UZMJc1EKDf39ftSZ
kFYAoJG6FIWqM2GDZzbK/i6Ztd7MbYf2
=iFE1
-----END PGP SIGNATURE-----

id: SECURITYVULNS:VULN:14374
title: HP Thin Clients security vulnerabilities
type: securityvulns
bulletinFamily: software
cvelist: CVE-2015-2112, CVE-2015-2113
published: 2015-04-13T00:00:00
modified: 2015-04-13T00:00:00
lastseen: 2018-08-31T11:10:00
edition: 1
href: https://vulners.com/securityvulns/SECURITYVULNS:VULN:14374
cvss: score 10.0, vector AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/
description: Code execution, privilege escalation.

hp

id: HP:C04629160
title: HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code
type: hp
bulletinFamily: software
cvelist: CVE-2015-2112, CVE-2015-2113
published: 2015-04-01T00:00:00
modified: 2015-04-07T00:00:00
lastseen: 2020-10-13T01:02:25
edition: 2
href: https://support.hp.com/us-en/document/c04629160
cvss: score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C
description:

## Potential Security Impact
Remote elevation of privilege, execution of code

## VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities could be exploited remotely to allow elevation of privilege and execution of code.

**Note:** HP Easy Deploy was bundled in versions of HP Easy Tools prior to version 3.0.1.1650.

## RESOLUTION
HP has removed HP Easy Deploy from the HP Easy Tools software package beginning with version 3.0.1.1650.

HP recommends updating HP Easy Tools thin client management software to at least version 3.0.1.1650 or later.

Alternatively, customers may choose to remove older versions of HP Easy Tools containing HP Easy Deploy while logged in as an Administrator by using either of the following methods:

 * Method 1: Remove HP Easy Tools from Add/Remove Program
 * Method 2: Execute the command Msiexec.exe /x{EB60CBE5-19E8-4A62-AB13-1CF5FA4F9C82}

**HISTORY**
Version:1 (rev.1) - 7 April 2015 Initial release
Version:2 (rev.2) - 13 April 2015 updated list of hardware platforms affected

**Third Party Security Patches:** Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

**Support:** For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

**Report:** To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

**Subscribe:** To initiate a subscription to receive future HP Security Bulletin alerts via Email: <http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins>

**Security Bulletin Archive:** A list of recently released Security Bulletins is available here: <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive>

**Software Product Category:** The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX