CVE-2024-28893

7.7 HIGH

📋 TL;DR

This vulnerability in HP SoftPaq software allows attackers to execute arbitrary code by modifying configuration files after extraction. It affects systems running vulnerable HP software packages. Attackers could gain control of affected systems through this configuration file manipulation.

💻 Affected Systems

Products:
  • HP SoftPaq software packages
Versions: Specific vulnerable versions not detailed in advisory
Operating Systems: Windows (implied from HP software context)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when SoftPaq configuration files are modified after extraction from the package.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or limited code execution within the context of the HP software process.

🟢 If Mitigated

No impact if systems are patched or proper file integrity monitoring prevents configuration file modification.

🌐 Internet-Facing: LOW (requires local access or file manipulation capabilities)
🏢 Internal Only: MEDIUM (insider threats or compromised accounts could exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to modify configuration files after extraction, suggesting some level of access or privilege is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated SoftPaqs released by HP

Vendor Advisory: https://support.hp.com/us-en/document/ish_10502451-10502508-16/hpsbhf03931

Restart Required: Yes

Instructions:

1. Visit HP Support site.
2. Download updated SoftPaqs for affected software.
3. Install updated packages.
4. Restart affected systems.

🔧 Temporary Workarounds

File Integrity Monitoring (Windows)

Monitor SoftPaq configuration files for unauthorized modifications

Restrict File Permissions (Windows)

Set strict permissions on SoftPaq configuration files to prevent unauthorized writes

icacls "C:\Path\To\SoftPaq\Config\*.cfg" /inheritance:r /grant:r "SYSTEM:(F)" /grant:r "Administrators:(F)"
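
The File Integrity Monitoring workaround above, applied to the window this CVE concerns (after extraction, before the package is run), as an added PowerShell example that is not code from HP or the advisory. The function names and the paths in the usage comments are hypothetical, and the baseline file is assumed to be recorded right after extraction and stored outside the extraction folder, somewhere non-administrators cannot write.

```powershell
# Added example (not HP's code): baseline the extracted SoftPaq files, then verify
# them again immediately before the package is run. Function names are hypothetical.
function New-ExtractBaseline {
    param([Parameter(Mandatory)][string]$ExtractDir,
          [Parameter(Mandatory)][string]$BaselinePath)
    $root = (Resolve-Path -LiteralPath $ExtractDir).Path
    # Hash every extracted file; store paths relative to the extraction root.
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($root.Length).TrimStart('\')
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
}

function Test-ExtractBaseline {
    param([Parameter(Mandatory)][string]$ExtractDir,
          [Parameter(Mandatory)][string]$BaselinePath)
    $root = (Resolve-Path -LiteralPath $ExtractDir).Path
    $expected = @{}
    $loaded = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($e in $loaded) { $expected[$e.Path] = $e.SHA256 }

    $findings = @()
    foreach ($f in Get-ChildItem -LiteralPath $root -Recurse -File) {
        $rel = $f.FullName.Substring($root.Length).TrimStart('\')
        if (-not $expected.ContainsKey($rel)) {
            $findings += "ADDED    $rel"      # file dropped in after extraction
        } elseif ((Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash -ne $expected[$rel]) {
            $findings += "MODIFIED $rel"      # content changed after extraction
        }
        $expected.Remove($rel)
    }
    # Anything still in the table was in the baseline but is no longer on disk.
    foreach ($rel in $expected.Keys) { $findings += "MISSING  $rel" }
    return $findings
}

# Usage (placeholder paths, not from the advisory):
#   New-ExtractBaseline  -ExtractDir 'C:\Path\To\SoftPaq' -BaselinePath 'D:\Baselines\softpaq.json'
#   $diff = Test-ExtractBaseline -ExtractDir 'C:\Path\To\SoftPaq' -BaselinePath 'D:\Baselines\softpaq.json'
#   if ($diff) { $diff; throw 'Extracted SoftPaq files changed since baseline; do not run.' }
```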

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized file modifications
  • Deploy application allowlisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check HP Support site with your product details or review installed SoftPaq versions against advisory

Check Version:

Check HP software version through Control Panel > Programs and Features or vendor-specific management tools

Verify Fix Applied:

Verify updated SoftPaq installation and check file integrity of configuration files

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to SoftPaq configuration files
  • Unusual process execution following file changes

Network Indicators:

  • Outbound connections from HP software processes to unexpected destinations

SIEM Query:

EventID=4663 AND ObjectName LIKE '%SoftPaq%' AND (Accesses='WRITE_DAC' OR Accesses='WRITE_OWNER')
