|CVSS SCORE|6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)|
The specific flaw exists within the configuration of directories created during installation of the product. The implementing code for many COM objects used by newly created services, which run with elevated privileges, is installed in a folder with weak security controls.
09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted users.
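To check whether an installation folder has the weak access control described above, the following PowerShell script lists every allow entry that lets a principal other than SYSTEM, Administrators or TrustedInstaller write, delete or re-permission files under it. It is an added example, not part of the advisory or the vendor's tooling; the `-InstallDir` parameter is a placeholder because the advisory does not name the folder, and the trusted-principal list is an assumption to adjust for the accounts the services actually run as.

```powershell
# Added example: audit a directory tree for ACL entries that let
# non-administrative principals create, replace or re-permission files.
param(
    # Placeholder: the advisory does not name the product's install folder.
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

# Rights that allow planting or swapping a binary in the folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Assumed trusted writers, matched by SID so localized account names do not matter.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $InstallDir) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries (e.g. CREATOR OWNER) do not apply to this object;
        # the entries they produce are seen when the child itself is examined.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# An empty result means only the trusted principals can modify the tree.
$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
```

Entries reported for broad groups such as Users (S-1-5-32-545), Authenticated Users (S-1-5-11) or Everyone (S-1-1-0) are the ones that match the condition the advisory describes.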
|CREDIT|Fritz Sands - HPE Zero Day Initiative|