CVE-2020-6927

high

Description

Potential vulnerabilities have been identified with certain versions of HP Device Manager. These vulnerabilities may allow locally managed accounts within HP Device Manager to be susceptible to dictionary attacks due to weak cipher implementation (CVE-2020-6925) and allow a malicious actor to remotely gain unauthorized access to resources (CVE-2020-6926), and/or allow a malicious actor to gain SYSTEM privileges (CVE-2020-6927). CVE-2020-6925 does not impact customers who are using Active Directory authenticated accounts. CVE-2020-6927 does not impact customers who are using an external database (Microsoft SQL Server) and have not installed the integrated Postgres service.

From the Tenable Blog

CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager

Published: 2020-10-06

Vulnerabilities in HP Device Manager could be chained to achieve unauthenticated remote command execution.

References

https://www.tenable.com/blog/cve-2020-6925-cve-2020-6926-cve-2020-6927-multiple-vulnerabilities-in-hp-device-manager

https://support.hp.com/us-en/document/c06921908

Details

Source: Mitre, NVD

Published: 2023-05-26

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: High