Vulnerability Details : CVE-2014-2630
Public exploit exists!
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-2630
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 33 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-2630
-
HP Performance Monitoring xglance Priv Esc
Disclosure Date: 2014-11-19First seen: 2020-05-14exploit/linux/local/hp_xglance_priv_escThis exploit takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 'and subsequent' , which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user.
CVSS scores for CVE-2014-2630
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
References for CVE-2014-2630
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95181
HP Operations Agent privilege escalation CVE-2014-2630 Vulnerability Report
-
http://www.securitytracker.com/id/1030702
HP Operations Agent Unspecified Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
-
https://seclists.org/bugtraq/2020/Feb/7
Bugtraq: xglance-bin exploit (CVE-2014-2630)
-
http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html
xglance-bin Local Root Privilege Escalation ≈ Packet Storm
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
-
http://secunia.com/advisories/60041
Sign in
-
http://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.html
HP Performance Monitoring xglance Privilege Escalation ≈ Packet Storm
-
http://seclists.org/fulldisclosure/2020/Feb/1
Full Disclosure: xglance-bin exploit (CVE-2014-2630)
Products affected by CVE-2014-2630
- cpe:2.3:a:hp:operations_agent:11.0:*:*:*:*:*:*:*