CVE-2020-6917

7.8 HIGH

📋 TL;DR

CVE-2020-6917 is a vulnerability in HP Support Assistant software that allows attackers to compromise system integrity and communicate with untrusted clients. This could enable privilege escalation or unauthorized access to sensitive information. All users running vulnerable versions of HP Support Assistant on Windows systems are affected.

💻 Affected Systems

Products:
  • HP Support Assistant
Versions: prior to 9.11
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects HP computers with HP Support Assistant installed. The software typically comes pre-installed on HP systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with administrative privileges, allowing installation of malware, data theft, and persistence mechanisms.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive system resources and user data.

🟢 If Mitigated: Limited impact with proper network segmentation and endpoint protection blocking malicious communications.

🌐 Internet-Facing: LOW - Requires local access or social engineering to exploit initially.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement after initial compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to execute code on the target system. No publicly available exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HP Support Assistant version 9.11 or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_5585999-5586023-16

Restart Required: Yes

Instructions:

1. Open HP Support Assistant.
2. Click the 'Updates' tab.
3. Install all available updates.
4. Alternatively, download and install version 9.11 or later from HP's website.
5. Restart the computer after installation.

🔧 Temporary Workarounds

Uninstall HP Support Assistant

windows

Remove the vulnerable software entirely if not needed

Control Panel > Programs > Uninstall a program > Select HP Support Assistant > Uninstall

Disable HP Support Assistant Service

windows

Stop the service to prevent exploitation while maintaining installation

sc stop "HP Support Assistant Service"
sc config "HP Support Assistant Service" start= disabled

🧯 If You Can't Patch

  • Implement strict endpoint protection with behavioral monitoring
  • Apply network segmentation to limit communication with untrusted clients

🔍 How to Verify

Check if Vulnerable:

Check HP Support Assistant version in the application or via Control Panel > Programs

Check Version:

wmic product where "name like 'HP Support Assistant%'" get version

Verify Fix Applied:

Verify version is 9.11 or higher in HP Support Assistant > About
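The version check above, as an added PowerShell example that is not part of the advisory: it reads the installed version from the Uninstall registry keys (which avoids the MSI consistency checks that "wmic product" can trigger), compares it against 9.11, and reports the service state. The registry paths are the standard Windows Uninstall keys; the service display name is the one quoted in the workaround and is assumed to match the installed service.

```powershell
# Added example, not HP's or the advisory's own code.
# Fixed version as stated in the advisory; [version] compares numerically, so 9.11 > 9.9.
$fixedVersion = [version]'9.11'

# Standard per-machine Uninstall keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'HP Support Assistant*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

if (-not $installs) {
    Write-Output 'HP Support Assistant not found under HKLM Uninstall keys (check HKCU for per-user installs).'
    return
}

foreach ($app in $installs) {
    # DisplayVersion is a string such as "9.10.0.1"; guard against values that do not parse.
    $parsed = $null
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$parsed)) {
        Write-Output ("{0}: version '{1}' could not be parsed, verify manually in the About dialog" -f `
            $app.DisplayName, $app.DisplayVersion)
        continue
    }
    if ($parsed -lt $fixedVersion) {
        Write-Output ("VULNERABLE: {0} {1} is older than {2} (installed at {3})" -f `
            $app.DisplayName, $parsed, $fixedVersion, $app.InstallLocation)
    } else {
        Write-Output ("OK: {0} {1} is {2} or later" -f $app.DisplayName, $parsed, $fixedVersion)
    }
}

# Service state. The display name below is the one the workaround quotes; note that
# "sc stop"/"sc config" take the short service name, which is shown in the Name column here.
Get-Service -DisplayName 'HP Support Assistant Service' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType
```

Run the script in an elevated PowerShell session on each HP endpoint; a VULNERABLE line means the machine still needs the 9.11 update or one of the workarounds above.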

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from HP Support Assistant
  • Suspicious network connections from HP Support Assistant processes

Network Indicators:

  • Unexpected outbound connections from HP Support Assistant
  • Communication with non-HP domains

SIEM Query:

process_name:"HPSA_Service.exe" AND (event_type:process_creation OR dest_ip:[external_ips])
