HP Product Security Response Team, HPSBPY03896
Jan 08, 2024 - 12:00 a.m.

UC Software - Use of Insufficiently Random Values

2024-01-08 00:00:00
HP Product Security Response Team
support.hp.com
poly devices
administrator session
web server
potential vulnerability
hp
affected products
firmware

CVSS2: 2.6 Low
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3: 5.9 Medium
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.001 Low (Percentile: 28.7%)

A potential vulnerability was discovered in certain Poly devices. A potential flaw allows an attacker to predict a session and piggyback onto an active administrator session of the web server. The potential vulnerability is dependent on the administrator maintaining an active session.

HP has identified affected products and corresponding firmware minimum versions that mitigate the potential vulnerabilities. See the affected products listed below.
