CVE-2017-14355

A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/bugtraq/2017/Oct/23
http://www.securityfocus.com/bid/101270
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868
https://www.exploit-db.com/exploits/43857/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:connected_backup:8.6:::::::*
	cpe:2.3:a:microfocus:connected_backup:8.8.6:::::::*

History

No history.

Information

Published : 2017-12-05 21:29

Updated : 2023-11-07 02:38

NVD link : CVE-2017-14355

Mitre link : CVE-2017-14355

CVE.ORG link : CVE-2017-14355

JSON object : View

Products Affected

microfocus

connected_backup

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-14355", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-12-05T21:29:00.200", "references": [{"url": "http://seclists.org/bugtraq/2017/Oct/23", "source": "security@opentext.com"}, {"url": "http://www.securityfocus.com/bid/101270", "source": "security@opentext.com"}, {"url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868", "source": "security@opentext.com"}, {"url": "https://www.exploit-db.com/exploits/43857/", "source": "security@opentext.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege."}, {"lang": "es", "value": "Se ha identificado una potencial vulnerabilidad de seguridad en las versiones 8.6 y 8.8.6 de HPE Connected Backup. La vulnerabilidad podr\u00eda explotarse localmente para permitir la escalada de privilegios."}], "lastModified": "2023-11-07T02:38:56.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:connected_backup:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F672C7E5-A002-49F3-A196-344F9750CABE"}, {"criteria": "cpe:2.3:a:microfocus:connected_backup:8.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B90BF7EE-4C0A-4580-8F89-42373EE3716E"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}