Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.HP_SUPPORT_ASSISTANT_8_8.NASL
HistoryJul 19, 2019 - 12:00 a.m.

HP Support Assistant < 8.8 Multiple Vulnerabilities

2019-07-1900:00:00
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

The version of HP Support Assistant installed on the remote Windows host is prior to 8.8. It is, therefore, affected by two unspecified privilege escalation vulnerabilities. An authenticated, local attacker can exploit this, to gain system level access to the system.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(126826);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/09");

  script_cve_id("CVE-2019-6328", "CVE-2019-6329");
  script_bugtraq_id(108891);
  script_xref(name:"HP", value:"c06388027");
  script_xref(name:"HP", value:"HPSBGN03620");
  script_xref(name:"IAVB", value:"2019-B-0061-S");

  script_name(english:"HP Support Assistant < 8.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by
two privilege escalation vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of HP Support Assistant installed on the remote Windows
host is prior to 8.8. It is, therefore, affected by two unspecified
privilege escalation vulnerabilities. An authenticated, local attacker
can exploit this, to gain system level access to the system.");
  # https://support.hp.com/ca-en/document/c06388027
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0b41bcaa");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP Support Assistant version 8.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6329");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:support_assistant");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hp_support_assistant_installed.nbin");
  script_require_keys("installed_sw/HP Support Assistant");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'HP Support Assistant');
constraints = [{ 'fixed_version' : '8.8' }];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
hpsupport_assistantcpe:/a:hp:support_assistant

Related

cve 2
nvd 2
cvelist 2
prion 2
hp 1
githubexploit 1
cve
cve
CVE-2019-6329
2019-06-25 17:15:09
CVE-2019-6328
2019-06-25 17:15:09
nvd
nvd
CVE-2019-6328
2019-06-25 17:15:09
CVE-2019-6329
2019-06-25 17:15:09
cvelist
cvelist
CVE-2019-6329
2019-06-25 16:24:33
CVE-2019-6328
2019-06-25 16:23:47
prion
prion
Code injection
2019-06-25 17:15:00
Design/Logic Flaw
2019-06-25 17:15:00
hp
hp
HPSBGN03620 rev. 4 - HP Support Assistant Escalation of Privilege Vulnerability
2019-06-23 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Hp Support Assistant
2019-10-13 09:20:16

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for HP_SUPPORT_ASSISTANT_8_8.NASL
cve2nvd2cvelist2prion2hp1githubexploit1