Vulnerability CVE-2015-5367


Published: 2015-08-27

Description:
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

Vendor: HP
Product: Hspa+ gobi 4g 
Version: 12.500.00.15.1802;
Product: Lt4112 lte 
Version: 12.500.00.15.1802;
Product: Elitebook 820 g1 
Product: Zbook 15u 
Product: Spectre x2 13-smb pro 
Product: Probook 640 g1 
Product: Probook 440 g1 
Product: Elitepad 1000 g2 
Product: Elitebook 850 g2 
Product: Elitebook 825 g2 
Product: Elite x2 1010 g2 
Product: Zbook 14 g2 
Product: Probook 650 g1 
Product: Probook 450 g0 
Product: Probook 430 g1 
Product: Elitebook folio 9470m 
Product: Elitebook 840 g2 
Product: Elitebook 1040 g2 
Product: Zbook 15 g2 
Product: Probook x2 620 g1 
Product: Probook 450 g2 
Product: Probook 440 g0 
Product: Elitebook revolve 810 g2 
Product: Elitebook 850 g1 
Product: Elitebook 820 g2 
Product: Zbook 17 g2 
Product: Zbook 14 
Product: Probook 645 g1 
Product: Probook 440 g2 
Product: Mt41 thin client 
Product: Elitebook 855 g1 
Product: Elitebook 840 g1 
Product: Elitebook 1040 g1 
Product: Zbook 15 
Product: Probook 655 g1 
Product: Probook 450 g1 
Product: Probook 430 g2 
Product: Elitebook revolve 810 g1 
Product: Elitebook 845 g1 

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/76171
http://www.securitytracker.com/id/1033414
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272

Related CVE
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10...
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installe...
CVE-2018-7111
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th...
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.

Copyright 2019, cxsecurity.com

 

Back to Top