SB2017062803 - Multiple vulnerabilities in HPE SiteScope
Published: June 28, 2017
Security Bulletin ID
SB2017062803
Severity
High
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-8949)
The vulnerability allows a local attacker to obtain potentially sensitive information.The weakness exists due to an unspecified cryptographic error. A local attacker can read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
2) Information disclosure (CVE-ID: CVE-2017-8950)
The vulnerability allows a local attacker to obtain potentially sensitive information.The weakness exists due to an unspecified cryptographic error. A local attacker can read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
3) Security restrictions bypass (CVE-ID: CVE-2017-8951)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to insufficient privilege controls. A local attacker can bypass security restriction and gain access to the system.
4) Authentication bypass (CVE-ID: CVE-2017-8952)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to improper authentication. A remote attacker can bypass authentication and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.