Home CVE-2021-3919: Using HP Omen Gaming Center Offensively
Post
Cancel

CVE-2021-3919: Using HP Omen Gaming Center Offensively

Background:

HP OMEN allowed any user who launched OMEN Gaming Hub version 11.9.4.0 to block outbound network traffic. This action required no UAC and could be abused by unprivileged users to block EDR tools and AV software from reporting and using online scanning functionality, affecting any user logged in.

As illustrated in the below screenshot, a user is able to turn off Sophos Home network features. 

HP recognized this as an issue and assigned it a CVSS of 6.5 and a CVE on January 18th 2022.

Timeline:

Sept 27 2021 I alerted HP's product security team about this and was assigned an internal ticket number Oct 4th. 

Oct 21 2021 I received an update from their team and they let me know that this was determined to be a normal function of the software that had been there for years so this won't be viewed as a security vulnerability.

Oct 21 2021 I responded disagreeing with this and asked for it to be re-reviewed.

Oct 28 2021 HP acknowledged this as a vulnerability and I told them I plan on releasing 90 days from this notice unless they wanted longer. 

Jan 10 2022 HP let me know that this was assigned a CVSS of 6.5 and asked that we have a coordinated release on January 18th 2022.

This post is licensed under CC BY 4.0 by the author.