Privilege escalation vulnerability in HP Support Assistant


HP Support Assistant uses HP Performance Tune-up as a diagnostic tool, and it uses Fusion to launch HP Performance Tune-up. An attacker can exploit a DLL hijacking vulnerability to elevate privileges when Fusion launches HP Performance Tune-up.

Severity
High

HP Reference
HPSBHF03809 Rev. 1

Release date
September 6, 2022

Last updated
September 6, 2022

Category
PC

Potential Security Impact
Privilege escalation

Relevant Common Vulnerabilities and Exposures (CVE) List

Reported by: Ammarit Thongthua, Sumedt Jitpukdebodin, and Krischat Thataristorai (Secure D Research team)

LIST OF CVE IDS

CVE ID | Base Score | Base Vector | Vendor ID
CVE-2022-38395 | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | HP

Learn more about CVSS 3.1 base metrics, which range from 0 to 10.

PSR-2021-0113

Resolution

HP strives to address all security issues with HP Support Assistant as quickly as possible and to make the latest version available with the fixes. HP recommends that customers update to the latest version of HP Support Assistant, which includes fixes for the issues listed above, by turning on automatic updates in the HP Support Assistant settings. If the system has HP Support Assistant version 8x, HP advises customers to upgrade to HP Support Assistant version 9 by going to the About section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping Microsoft Store updates turned on so that the application is always kept up to date.

Alternatively, customers can get the latest version at https://www.hp.com/go/hpsupportassistant.

HP recommends keeping your system up to date with the latest firmware and software.

Affected products

Identify the following affected products.
  • HP Support Assistant versions earlier than 9.11.
  • Fusion versions earlier than 1.38.2601.0.
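The two version thresholds above can be applied to a software inventory export to find hosts that still need the update. The following is an added example, not HP's code: the CSV layout, host names and installed version strings are constructed for illustration, and only the two "earlier than" thresholds come from this advisory. Versions are compared numerically, part by part, because a plain string comparison would wrongly rank 9.9 above 9.11.

```python
import csv
import io

# First fixed versions, taken from the advisory's "Affected products" list.
FIXED = {
    "hp support assistant": (9, 11),
    "fusion": (1, 38, 2601, 0),
}

def parse_version(text):
    """Turn '9.11' or '1.38.2601.0' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True = below the fixed version, False = fixed, None = cannot decide."""
    fixed = FIXED.get(product.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return None
    # Pad to equal length so (9, 11) and (9, 11, 0, 0) compare as equal.
    width = max(len(fixed), len(installed))
    fixed += (0,) * (width - len(fixed))
    installed += (0,) * (width - len(installed))
    return installed < fixed

def triage(inventory_csv):
    """Return (host, product, version, verdict) for each inventory row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["product"], r["version"],
             is_affected(r["product"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = """host,product,version
ws-001,HP Support Assistant,9.9.34.0
ws-002,HP Support Assistant,9.11.0.0
ws-003,Fusion,1.38.2600.5
ws-004,Fusion,1.38.2601.0
ws-005,HP Support Assistant,8.8.34.31
ws-006,HP Support Assistant,unknown
"""

if __name__ == "__main__":
    for host, product, version, verdict in triage(SAMPLE):
        label = {True: "AFFECTED", False: "ok", None: "REVIEW"}[verdict]
        print(f"{host}  {product} {version}: {label}")
```

Rows with an unparseable version or an unrecognised product name come back as `None` so they are reviewed by hand rather than silently treated as fixed.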

Revision history

This document has been revised according to the information below.

LIST OF VERSIONS

Version | Description | Date
1 | Initial Release | September 6, 2022
