Vulnerability CVE-2015-5368


Published: 2015-08-27

Description:
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.

Vendor: HP
Product: Hspa+ gobi 4g 
Version: 12.500.00.15.1802;
Product: Lt4112 lte 
Version: 12.500.00.15.1802;
Product: Elitebook 820 g1 
Product: Zbook 15u 
Product: Spectre x2 13-smb pro 
Product: Probook 640 g1 
Product: Probook 440 g1 
Product: Elitepad 1000 g2 
Product: Elitebook 850 g2 
Product: Elitebook 825 g2 
Product: Elite x2 1010 g2 
Product: Zbook 14 g2 
Product: Probook 650 g1 
Product: Probook 450 g0 
Product: Probook 430 g1 
Product: Elitebook folio 9470m 
Product: Elitebook 840 g2 
Product: Elitebook 1040 g2 
Product: Zbook 15 g2 
Product: Probook x2 620 g1 
Product: Probook 450 g2 
Product: Probook 440 g0 
Product: Elitebook revolve 810 g2 
Product: Elitebook 850 g1 
Product: Elitebook 820 g2 
Product: Zbook 17 g2 
Product: Zbook 14 
Product: Probook 645 g1 
Product: Probook 440 g2 
Product: Mt41 thin client 
Product: Elitebook 855 g1 
Product: Elitebook 840 g1 
Product: Elitebook 1040 g1 
Product: Zbook 15 
Product: Probook 655 g1 
Product: Probook 450 g1 
Product: Probook 430 g2 
Product: Elitebook revolve 810 g1 
Product: Elitebook 845 g1 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
7.8/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Complete

 References:
http://www.securityfocus.com/bid/76176
http://www.securitytracker.com/id/1033414
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272

Related CVE
CVE-2019-6333
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touc...
CVE-2019-11656
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-11655
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Copyright 2019, cxsecurity.com

 

Back to Top