Description
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was
remediated with HP System Event Utility version 3.2.16.
Published: 2026-03-03
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

HP System Event Utility contains a flaw that permits an attacker with sufficient privileges to perform arbitrary file writes. The ability to overwrite or create files can disrupt the utility’s operation, causing it to stop functioning and effectively denying availability of the service. This issue is categorized as a permission and privilege escalation weakness, mapped to the CWE identifiers controlling write permissions and incorrect permission assignments.

Affected Systems

The vulnerability affects the HP System Event Utility from HP Inc. All released versions prior to 3.2.16 are impacted; the fix is delivered in version 3.2.16 and later releases.

Risk and Exploitability

The assessed CVSS score of 5.2 reflects moderate risk, and the EPSS indicates an exploitation probability of less than 1 %. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker must be able to execute code with elevated privileges on the system to achieve arbitrary file writes, suggesting a local or privilege‑escalated attack vector rather than remote exploitation. Given the low likelihood of widespread exploitation, the overall risk is moderate but should be mitigated promptly.

Generated by OpenCVE AI on April 17, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade HP System Event Utility to version 3.2.16 or later.
  • Restrict the execution rights of the utility so it runs with the minimum privileges required for its functions.
  • Ensure that critical configuration and system files used by the utility have permissions that prevent writes by non‑privileged users.

Generated by OpenCVE AI on April 17, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hp:system_event_utility:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp system Event Utility
Vendors & Products Hp
Hp system Event Utility

Tue, 03 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
CWE-732
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.
Title HP System Event Utility – Denial of Service
First Time appeared Hp Inc
Hp Inc hp System Event Utility
CPEs cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:windows:*:*:*:*:*
Vendors & Products Hp Inc
Hp Inc hp System Event Utility
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hp System Event Utility
Hp Inc Hp System Event Utility
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-03-03T19:36:10.534Z

Reserved: 2026-02-20T20:33:06.903Z

Link: CVE-2026-2915

cve-icon Vulnrichment

Updated: 2026-03-03T19:35:40.934Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T20:16:49.980

Modified: 2026-03-09T18:11:19.250

Link: CVE-2026-2915

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses