CVE-2024-27458

Published: Oct 7, 2024Modified: Oct 7, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: hp-security-alert@hp.com (Secondary)

Description

A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://support.hp.com/us-en/document/ish_11342101-11342130-16/hpsbhf03977

Source: hp-security-alert@hp.com

Timeline

No history available yet.