Impact
A flaw exists in HP One Agent, a management agent that runs on certain HP PC products, that could allow an attacker to gain higher privileges or cause a denial of service. The weakness is identified as CWE‑427, indicating improper handling of privileged paths or other privilege‑related misconfigurations. If exploited, the attacker could execute commands or crash the agent, potentially leading to broader system compromise or unavailability. Both confidentiality and integrity risks arise from the privilege escalation, while availability is threatened by the denial of service aspect.
Affected Systems
The vulnerability affects HP Inc. HP One Agent Software on Windows platforms. Specific affected versions are not listed in the advisory, so all installations of the HP One Agent that are running the identified code paths are potentially vulnerable until an update is applied. No further version details or product sub‑variants were disclosed.
Risk and Exploitability
The CVSS score of 8.5 signals a high severity. The EPSS score indicates a very low yet non‑zero probability of exploitation; the vulnerability is currently not in the CISA KEV catalog. Based on the description, the likely attack vector involves an actor already with local access to the device or one who can remotely interact with the Agent service. The exploitation would require the attacker to trigger the privileged path handling flaw, which could be achieved via crafted input or configuration changes. Because the exploit relies on privileged path usage, it is expected that the attacker would need at least user‑level access or the ability to run code within the HP One Agent context.
OpenCVE Enrichment