Lucene search

K
hpHP Product Security Response TeamHP:C04262670
HistoryApr 23, 2014 - 12:00 a.m.

HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information

2014-04-2300:00:00
HP Product Security Response Team
support.hp.com
600

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

Potential Security Impact

Remote disclosure of information

VULNERABILITY SUMMARY

The “Heartbleed” vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletin’s objective is to notify HP customers about certain HP Thin Client class of products affected by the “Heartbleed” vulnerability. HP will continue to release additional bulletins advising customers about other HP products

> note:
>
> The “Heartbleed” vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software.

RESOLUTION

HP has released a patch to address this vulnerability for the impacted versions HP ThinPro OS version 4.4 and HP Smart Zero Core Services version 4.4.

The patch is available here: <ftp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/openssl-service-pack-1.0-all-4.4-x86.xar&gt;

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%