CVE-2020-6926

critical

Description

Potential vulnerabilities have been identified with certain versions of HP Device Manager. These vulnerabilities may allow locally managed accounts within HP Device Manager to be susceptible to dictionary attacks due to weak cipher implementation (CVE-2020-6925) and allow a malicious actor to remotely gain unauthorized access to resources (CVE-2020-6926), and/or allow a malicious actor to gain SYSTEM privileges (CVE-2020-6927). CVE-2020-6925 does not impact customers who are using Active Directory authenticated accounts. CVE-2020-6927 does not impact customers who are using an external database (Microsoft SQL Server) and have not installed the integrated Postgres service.

References

https://www.tenable.com/blog/cve-2020-6925-cve-2020-6926-cve-2020-6927-multiple-vulnerabilities-in-hp-device-manager

https://support.hp.com/us-en/document/c06921908

Details

Source: Mitre, NVD

Published: 2023-05-29

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical