CVE-2014-2630

HP Performance Monitoring xglance Priv Esc

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-2630. PoCs published by redtimmysec, redtimmy, h00die, Tim Brown, Robert Jaroszuk, Marco Ortisi, including Metasploit module exploits/linux/local/hp_xglance_priv_esc.

AI-analyzed exploit summary This exploit targets CVE-2014-2630, a privilege escalation vulnerability in Hewlett-Packard Performance Monitoring for Open System Environments (xglance-bin 11.00). It leverages a shared library injection technique to escalate privileges by setting the effective user ID to root and spawning a shell.

Description

Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.

Exploits (3)

exploitdb WORKING POC
by redtimmysec · bashlocallinux
https://www.exploit-db.com/exploits/48000

This exploit targets CVE-2014-2630, a privilege escalation vulnerability in Hewlett-Packard Performance Monitoring for Open System Environments (xglance-bin 11.00). It leverages a shared library injection technique to escalate privileges by setting the effective user ID to root and spawning a shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Hewlett-Packard Performance Monitoring for Open System Environments (xglance-bin 11.00)
No auth needed
Prerequisites: Access to a vulnerable system with xglance-bin installed · Ability to compile and inject a shared library
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by redtimmy · poc
https://github.com/redtimmy/perf-exploiter

This exploit leverages CVE-2014-2630, a vulnerability in HP Performance Monitoring's `xglance-bin` SUID binary, to escalate privileges to root. It uses a shared library injection technique to execute a shell with elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: HP Performance Monitoring for Open System Environments (xglance-bin)
No auth needed
Prerequisites: Presence of vulnerable HP Performance Monitoring installation · Local access to the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by h00die, Tim Brown, Robert Jaroszuk, Marco Ortisi · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/hp_xglance_priv_esc.rb

This Metasploit module exploits CVE-2014-2630, a privilege escalation vulnerability in HP Performance Monitoring's xglance-bin due to an insecure RPATH. It leverages a relative path to inject a malicious shared library, escalating privileges to root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: HP Performance Monitoring (Glance) version 11 and subsequent
No auth needed
Prerequisites: Access to a vulnerable system with xglance-bin installed · Write permissions in a directory (default /tmp) · Presence of gcc for live compilation or pre-compiled exploit binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95181
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60041
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030702
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/1
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Feb/7

Scores

EPSS 0.0708
EPSS Percentile 93.4%

Details

Status published
Products (1)
hp/operations_agent 11.0
Published Aug 12, 2014
Tracked Since Feb 18, 2026