Impact
A vulnerability in the HP Accessory WMI Provider installer for certain HP Docking Stations could allow an attacker to elevate privileges or execute arbitrary code. The weakness originates in the installer component, which, if exploited, can grant the attacker higher-level permissions on the target system. This could lead to unauthorized access, data theft, or further compromise of the environment.
Affected Systems
The affected products are HP Dock Accessory devices supplied by HP Inc., specifically docking stations that use the WMI Provider installer. All models identified by HP as having the vulnerable installer should be reviewed and updated. No version range is specified in the advisory, so all current installations should be considered potentially vulnerable until the update is applied.
Risk and Exploitability
The CVSS base score is 7.3, indicating a high risk level. EPSS data is not available, so the exact exploitation likelihood cannot be quantified, but the lack of an EPSS score does not imply low risk. The vulnerability is not listed in the CISA KEV catalog, yet the nature of the flaw (privilege escalation and arbitrary code execution) means it can be serious whether it is triggered locally or remotely. Attackers would need to deliver or trigger the flawed installer, most likely through local execution or through the installer being exposed to untrusted inputs. The absence of explicit remote vector information suggests that the threat surface is primarily local, but the possible consequence of code execution warrants urgent remediation.