vendor:
HP Client
by:
SlidingWindow
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: HP Client
Affected Version From: 7.9
Affected Version To: 9.1
Patch Exists: No
Related CWE: CVE-2015-1497
CPE: a:persistentsys:hp_client
Platforms Tested: Windows 7, CentOS release 6.7 (Final)
2016
HP Client – Automation Command Injection
This exploit allows an attacker to execute arbitrary commands on the target system. The exploit works on HP Client versions 7.9, 8.1, 9.0, and 9.1. It has been tested on Windows 7 and CentOS release 6.7 (Final). The vulnerability is identified as CVE-2015-1497.
Mitigation:
Update to the latest version of HP Client software.
