Vulnerability Details : CVE-2017-14355
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
Exploit prediction scoring system (EPSS) score for CVE-2017-14355
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-14355
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2017-14355
-
https://www.exploit-db.com/exploits/43857/
HP Connected Backup 8.6/8.8.6 - Local Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
http://seclists.org/bugtraq/2017/Oct/23
Bugtraq: [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of PrivilegeMailing List;Third Party Advisory
-
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868
MySupport - Micro Focus Software SupportVendor Advisory
-
http://www.securityfocus.com/bid/101270
HP Connected Backup CVE-2017-14355 Unspecified Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-14355
- cpe:2.3:a:microfocus:connected_backup:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:connected_backup:8.8.6:*:*:*:*:*:*:*