CVE-2024-27458

A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_11342101-11342130-16/hpsbhf03977

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una posible vulnerabilidad de seguridad en el software HP Hotkey Support, que podría permitir la escalada local de privilegios. HP está lanzando una mitigación para la posible vulnerabilidad. Se recomienda a los clientes que utilizan HP Programmable Key que actualicen HP Hotkey Support.

07 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-07 17:15

Updated : 2026-06-17 07:19

NVD link : CVE-2024-27458

Mitre link : CVE-2024-27458

CVE.ORG link : CVE-2024-27458

JSON object : View

Products Affected

No product.

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2024-27458", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-27458", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2024-10-07T18:17:19.466702Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "affected": [{"source": "hp-security-alert@hp.com", "affectedData": [{"vendor": "HP, Inc.", "product": "HP Hotkey Support", "versions": [{"status": "affected", "version": "See HP Security Bulletin reference for affected versions."}], "defaultStatus": "unknown"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "affectedData": [{"cpes": ["cpe:2.3:o:hp:engage_go_10_mobile_system_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:engage_go_13.5_inch_mobile_system_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_studio_16_inch_g9_mobile_workstation_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_fury_16_g9_mobile_workstation_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_firefly_15_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_14u_g6_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_15u_g6_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:zbook_firefly_14_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_x360_435_g7_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_x360_435_g8_notebook_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_x360_11_g7_education_edition_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_650_g5_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_650_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_640_g5_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_640_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_635_aero_g7_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:probook_430_g3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_860_16_inch_g9_notebook_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_855_g7_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_855_g8_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_845_14_inch_g9_notebook_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_845_g7_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_845_g8_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_835_13_inch_g9_notebook_pc_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_830_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_830_g8_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_835_g7_firmware:01.10.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_835_g8_firmware:01.09.10:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_840_aero_g8_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_840_g6_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_840_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_840_g8_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_850_g6_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_850_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_x360_830_g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elitebook_x360_830_g8_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elite_dragonfly_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elite_dragonfly_g2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:hp:elite_dragonfly_max_firmware:-:*:*:*:*:*:*:*"], "vendor": "hp", "product": "elite_dragonfly_max_firmware", "versions": [{"status": "affected", "version": "8.10.42.190", "lessThan": "8.10.42.190_rev1", "versionType": "custom"}], "defaultStatus": "unknown"}]}], "published": "2024-10-07T17:15:15.297", "references": [{"url": "https://support.hp.com/us-en/document/ish_11342101-11342130-16/hpsbhf03977", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el software HP Hotkey Support, que podr\u00eda permitir la escalada local de privilegios. HP est\u00e1 lanzando una mitigaci\u00f3n para la posible vulnerabilidad. Se recomienda a los clientes que utilizan HP Programmable Key que actualicen HP Hotkey Support."}], "lastModified": "2026-06-17T07:19:56.027", "sourceIdentifier": "hp-security-alert@hp.com"}