vulnerability

HP Device Manager (CVE-2020-6925): Weak Cipher

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Sep 25, 2020	Oct 3, 2020	Jan 12, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Sep 25, 2020

Added

Oct 3, 2020

Modified

Jan 12, 2023

Description

Potential vulnerabilities have been identified with certain versions of HP Device Manager. These vulnerabilities may allow locally managed accounts within HP Device Manager to be susceptible to dictionary attacks due to weak cipher implementation (CVE-2020-6925) and allow a malicious actor to remotely gain unauthorized access to resources (CVE-2020-6926), and/or allow a malicious actor to gain SYSTEM privileges (CVE-2020-6927).

CVE-2020-6925 does not impact customers who are using Active Directory authenticated accounts.

Solution

hp-device-manager-upgrade-latest

References

CVE-2020-6925
https://attackerkb.com/topics/CVE-2020-6925
URL-https://support.hp.com/ca-en/document/c06921908

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today