Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5558Use of Externally-Controlled Format String in HP Hp-ux

4 documents4 sources
Severity
10.0CRITICALNVD
CNA7.2
EPSS
4.1%
top 11.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Hp-ux
Timeline
PublishedOct 27
Latest updateMay 1

Description

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/hp-ux4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-44mf-wvvw-vrcw: Format string vulnerability in the swask command in HP-UX B2022-05-01
CVEList
CVE-2006-5558: Format string vulnerability in the swask command in HP-UX B2006-10-27

💥Exploits & PoCs

1
Exploit-DB
HP-UX 11i - 'swask' Format String Privilege Escalation2006-10-24
CVE-2006-5558 — HP Hp-ux vulnerability | cvebase