CVE-2019-11660
CVE-2019-11660
Vexday Risk Score
38Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 7.8%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
13 Sep 2019Metasploit module available
13 Sep 2019Published on NVD
04 Nov 2019Public PoC
Weaponization speed
51 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
Affected products
n/a · Data Protectorpublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47580unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.