CVE-2014-7879

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.5HIGH

EPSS

0.4%

top 37.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Hp-ux

Timeline

PublishedDec 10

Latest updateMay 13

Description

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/hp-uxb.11.11, b.11.23, b.11.31+2

Patches

Patch: h20564.www2.hp.com ↗Patch: h20564.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-87cj-3v3f-qhcr: HP HP-UX B↗2022-05-13

▶

CVEList

CVE-2014-7879: HP HP-UX B↗2014-12-10

▶