CVE-2021-29218

MEDIUM

HPE Agentless Mgmt Svcs <1.44.0.0 - Privilege Escalation

Title source: llm

Description

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

References (1)

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 20.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (2)

hpe/agentless_management < 1.44.0.0

hpe/proliant_agentless_management < 10.96.0.0

Published Feb 04, 2022

Tracked Since Feb 18, 2026