CVE-2017-12549 — Improper Authentication in HP System Management Homepage

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.6MEDIUMNVD

EPSS

0.0%

top 88.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage Hewlett Packard Enterprise System Management Homepage FOR Windows AND Linux

Timeline

PublishedFeb 15

Latest updateMay 14

Description

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:HExploitability: 0.3 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/system_management_homepage_for_windows_and_linuxprior to 7.6.1

▶NVDhp/system_management_homepage< 7.6.1

🔴Vulnerability Details

GHSA

GHSA-h7mp-8hcg-j2mc: A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7↗2022-05-14

▶

CVEList

CVE-2017-12549: A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7↗2018-02-15

▶