HP Support Assistant uses HP Performance Tune-up as a diagnostic tool, and it uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit a DLL hijacking vulnerability and elevate privileges when Fusion launches HP Performance Tune-up.
Severity
High
HP Reference
HPSBHF03809 Rev. 1
Release date
September 6, 2022
Last updated
September 6, 2022
Category
PC
Potential Security Impact
Privilege escalation
Relevant Common Vulnerabilities and Exposures (CVE) List
Reported by: Ammarit Thongthua, Sumedt Jitpukdebodin, and Krischat Thataristorai (Secure D Research team)
LIST OF CVE IDS
CVE ID
CVE-2022-38395
Base Score
8.2
Base Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vendor ID
HP
Learn more about CVSS 3.1 base metrics, which range from 0 to 10.
PSR-2021-0113
Resolution
HP strives to address all security issues with HP Support Assistant as quickly as possible and to make the latest version available with the fixes. HP recommends that customers update to the latest version of HP Support Assistant, which includes fixes for the issues listed above, by turning on automatic updates in the HP Support Assistant settings. If the system has HP Support Assistant version 8x, HP advises customers to upgrade to HP Support Assistant version 9 by going to the About section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping Microsoft Store updates turned on so that the application is always kept up to date.
Alternatively, customers can get the latest version at https://www.hp.com/go/hpsupportassistant.
HP recommends keeping your system up to date with the latest firmware and software.
Affected products
The following products are affected.
- HP Support Assistant versions earlier than 9.11.
- Fusion versions earlier than 1.38.2601.0.
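An added example, not part of HP's advisory: triaging a software-inventory export against the two fixed versions listed above. The CSV layout, host names, product labels and version strings are constructed for illustration; versions are compared numerically because a plain string comparison would rank 9.9 above 9.11 and miss an affected install.

```python
import csv

# Fixed versions from the advisory's "Affected products" list.
FIXED = {
    "HP Support Assistant": (9, 11),
    "Fusion": (1, 38, 2601, 0),
}

# Constructed inventory export (hosts, product labels and versions are made up).
SAMPLE = """host,product,version
ws-001,HP Support Assistant,9.9.34.0
ws-002,HP Support Assistant,8.8.34.31
ws-003,Fusion,1.38.2601.0
ws-004,Fusion,1.38.2464.0
ws-005,HP Support Assistant,unknown
ws-006,Other Tool,1.0
"""

def parse_version(text):
    """'1.38.2601.0' -> (1, 38, 2601, 0); None if any part is not a number."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def is_affected(product, version_text):
    """True if earlier than the fixed version, False if not, None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    fixed = FIXED[product]
    # Pad with zeros so that 9.11 and 9.11.0.0 compare as equal.
    width = max(len(fixed), len(version))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def triage(inventory_csv):
    """Return (affected, needs_review) lists of (host, product, version)."""
    affected, needs_review = [], []
    for row in csv.DictReader(inventory_csv.splitlines()):
        if row["product"] not in FIXED:
            continue  # product not covered by this advisory
        verdict = is_affected(row["product"], row["version"])
        entry = (row["host"], row["product"], row["version"])
        if verdict is None:
            needs_review.append(entry)
        elif verdict:
            affected.append(entry)
    return affected, needs_review
```

Calling `triage(SAMPLE)` returns the hosts that still need the update and, separately, the rows whose version field could not be parsed and should be checked by hand.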
Revision history
This document has been revised according to the information below.
LIST OF VERSIONS
Version
1
Description
Initial Release
Date
September 6, 2022