Unquoted Search Path or Element in HPE Agentless Management Service and ProLiant Agentless Management Service
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-29218 |
| CWE-ID | CWE-428 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ProLiant Agentless Management Service Other software / Other software solutions Agentless Management Service Other software / Other software solutions |
| Vendor | HPE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unquoted Search Path or Element
EUVDB-ID: #VU60454
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29218
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the affected application registers some Windows services with unquoted file paths. A local administrator can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsProLiant Agentless Management Service: before 10.96.0.0
Agentless Management Service: before 1.44.0.0
External linkshttp://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
