HP Product Security Response TeamHPSBPY03901UC Software - Hidden Functionality
6.5 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:M/C:C/I:C/A:C
6.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
A potential vulnerability was discovered in certain Trio devices. An attacker can enable a hidden configuration with knowledge of the administrator password, physical access to the device, and the ability to bypass the authentication process of the hidden configuration to gain a shell with elevated privileges.
HP has identified affected products and corresponding firmware minimum versions that mitigate the potential vulnerabilities. See the affected products listed below.
Related
6.5 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:M/C:C/I:C/A:C
6.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%