vulnerability
HP Device Manager (CVE-2020-6927): Elevation of Privilege
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:M/C:C/I:C/A:C) | Sep 25, 2020 | Oct 3, 2020 | Jan 12, 2023 |
Severity
7
CVSS
(AV:N/AC:H/Au:M/C:C/I:C/A:C)
Published
Sep 25, 2020
Added
Oct 3, 2020
Modified
Jan 12, 2023
Description
Potential vulnerabilities have been identified with certain versions of HP Device Manager. These vulnerabilities may allow locally managed accounts within HP Device Manager to be susceptible to dictionary attacks due to weak cipher implementation (CVE-2020-6925) and allow a malicious actor to remotely gain unauthorized access to resources (CVE-2020-6926), and/or allow a malicious actor to gain SYSTEM privileges (CVE-2020-6927).
CVE-2020-6927 does not impact customers who are using an external database (Microsoft SQL Server) and have not installed the integrated Postgres service.
Solution
hp-device-manager-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.