Rewterz Threat Alert – Patchwork: An Indian Advanced Persistent Threat (APT) Group Focusing on Pakistan – Active IOCs
October 19, 2023Rewterz Threat Alert – Discovery of Malware Sample in E-commerce Blog Site Compromise – Active IOCs
October 19, 2023Rewterz Threat Alert – Patchwork: An Indian Advanced Persistent Threat (APT) Group Focusing on Pakistan – Active IOCs
October 19, 2023Rewterz Threat Alert – Discovery of Malware Sample in E-commerce Blog Site Compromise – Active IOCs
October 19, 2023Severity
High
Analysis Summary
CVE-2023-5365 CVSS:7.1
HP LIFE Android Mobile could allow a remote attacker to gain elevated privileges on the system, caused by an unspecified flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges and/or obtain sensitive information.
CVE-2023-5409 CVSS:7.3
HP displays are vulnerable to data tampering. By using a publicly-disclosed private key, a physical attacker could exploit this vulnerability to tamper with the system firmware.
Impact
- Privileges Escalation
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-5365
- CVE-2023-5409
Affected Vendors
HP
Affected Products
- HP LIFE Android Mobile
- HP N41 BIOS 00.01.13
- HP N44 BIOS 00.02.10
- HP N43 BIOS 1.14
Remediation
Refer to HP Security Advisory for patch, upgrade or suggested workaround information.