Vigil@nce: HP Enterprise Discovery, privileges escalation
August 2008 by Vigil@nce
A remote attacker can gain extended privileges on a computer
running HP Enterprise Discovery.
– Gravity: 2/4
– Consequences: privileged access/rights
– Provenance: LAN
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/08/2008
– Identifier: VIGILANCE-VUL-8067
IMPACTED PRODUCTS
- Hewlett-Packard OpenView
DESCRIPTION
HP Enterprise Discovery is used to discover and inventories
software, hardware and networked devices across an enterprise.
A vulnerability has been discovered, but no information about it,
has been published for the moment.
The vulnerability is that a remote attacker authentified on
"Enterprise Discovery" can gain privileges rights on the
application.
CHARACTERISTICS
– Identifiers: c01508161, CVE-2008-3538, HPSBMA02363, SSRT080106,
VIGILANCE-VUL-8067
– Url: https://vigilance.aql.fr/tree/1/8067