WithSecure Repository: Threat Intelligence

Local privilege escalation by file manipulation on HP Image Assistant for versions prior to 5.3.3

Overview of HP Image Assistant:


HP Image Assistant (HPIA) is a system-configuration and update utility designed to help administrators analyze HP client platforms, compare installed components against HP-recommended baselines, and apply driver, firmware, and security updates delivered through HP SoftPaq packages. HPIA and the associated SoftPaq update workflow are widely deployed across enterprise environments for maintaining device health and ensuring consistent configuration management.


Vulnerability Description:


WithSecure Exposure Management discovered a privilege escalation vulnerability affecting the HP SoftPaq update flow as used by HP Image Assistant and related update mechanisms. During the update process, intermediary components of the SoftPaq execution chain temporarily store update executables in locations that allow write access to non-privileged users. These executables are subsequently launched with elevated privileges as part of the automated update routine.


A design weakness in this flow creates a race condition window between the moment an update binary is written to disk and the moment it is executed with SYSTEM-level privileges. Because the update mechanism delegates execution to a privileged system process that does not enforce integrity validation on the target file, a low-privilege attacker with write access to the staging directory could opportunistically modify or replace the binary during this brief interval.


Successful exploitation would allow an attacker to introduce and execute arbitrary code with SYSTEM privileges, leading to full compromise of the host. No prior administrative rights are required, and exploitation can occur in environments where automated SoftPaq updates are enabled.
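The weakness described above is a write-then-execute (TOCTOU) race: the privileged side verifies nothing and executes whatever sits in a directory that low-privileged users can write to. The following added example (not HP's or WithSecure's code, and not tied to any real HPIA path) shows the pattern that closes that window from the privileged side: copy the update out of the shared staging directory into a private directory, verify the private copy against a digest obtained from a trusted source, and execute only that verified copy. All paths, file names and the digest source are constructed for the demonstration; the "update" is a small Python script so the example runs on any platform.

```python
"""Integrity-gated execution of a staged update (added example, not vendor code)."""
import hashlib
import hmac
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """Raised when the staged update does not match the trusted digest."""


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large update packages do not need to be held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_privately(shared_path: Path, expected_sha256: str, private_dir: Path) -> Path:
    """Copy the update out of the shared directory, then verify the COPY.

    Verifying the shared file and then executing it would leave the same
    write-then-execute window open; only the private copy is ever run.
    The expected digest must come from a trusted source (e.g. a signed
    manifest), never from the writable staging directory itself.
    mode=0o700 applies on POSIX; on Windows, where mode bits are ignored,
    the equivalent is a DACL that grants write access to SYSTEM/Administrators only.
    """
    private_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    private_copy = private_dir / shared_path.name
    shutil.copyfile(shared_path, private_copy)
    actual = sha256_of(private_copy)
    if not hmac.compare_digest(actual, expected_sha256):
        private_copy.unlink()
        raise IntegrityError(f"digest mismatch: expected {expected_sha256}, got {actual}")
    return private_copy


def run_staged_update(private_copy: Path) -> str:
    """Execute only the verified private copy and return its stdout."""
    result = subprocess.run(
        [sys.executable, str(private_copy)], capture_output=True, text=True, check=True
    )
    return result.stdout.strip()


def demo() -> dict:
    """Constructed end-to-end run: a benign update script is published with its
    trusted digest and executed once; the shared copy is then changed after
    publication and the staging step rejects it."""
    with tempfile.TemporaryDirectory() as tmp:
        shared_dir = Path(tmp) / "shared_staging"  # stands in for a user-writable staging path
        shared_dir.mkdir()
        update = shared_dir / "update.py"
        update.write_text('print("update applied")\n')
        trusted_digest = sha256_of(update)  # captured at publish time, stored outside shared_dir

        private_dir = Path(tmp) / "private"
        verified_copy = stage_privately(update, trusted_digest, private_dir)
        untampered_output = run_staged_update(verified_copy)

        # Simulate an unexpected modification of the shared file after publication.
        update.write_text('print("something else")\n')
        tampered_detected = False
        try:
            stage_privately(update, trusted_digest, private_dir)
        except IntegrityError:
            tampered_detected = True

    return {"untampered_output": untampered_output, "tampered_detected": tampered_detected}


if __name__ == "__main__":
    print(demo())
```

The important design choice is the order of operations: copy first, hash the copy, then execute the copy. Hashing the shared file and then executing it (or executing the shared file at all) reintroduces the interval the advisory describes. A signature check on the private copy would serve the same purpose as the digest comparison shown here.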


This issue was identified through WithSecure Exposure Management AI across multiple SoftPaq packages and appears to stem from systemic characteristics of the update chain rather than a single package.


Affected Software:
HP Image Assistant for versions prior to 5.3.3


Resolution:
Check the referenced HP support page for an available update.



ID: WITH-ZD-2025-0005
Other IDs: CVE-2025-13492
Application Detailed Category: installer
Application Super Category: local_service
CVSS v3: CVSS:AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Preconditions Needed For Attacker: local_user_level_access_required
References: https://support.hp.com/us-en/document/ish_13505078-13505143-16/hpsbgn04078
Version: 1.0