CVE-1999-1573
Description
Multiple unknown vulnerabilities in HP-UX r-cmnds allow privilege escalation or unauthorized file access; patches available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple unknown vulnerabilities in HP-UX r-cmnds allow privilege escalation or unauthorized file access; patches available.
Vulnerability
Multiple unknown security defects exist in the HP-UX remote network commands (r-cmnds) included in the InternetSrvcs.INETSVCS-RUN fileset. The affected commands are remshd(1M), rexecd(1M), rlogind(1M), rlogin(1), remsh(1), rcp(1), rexec(1), and rdist(1). These vulnerabilities affect HP-UX versions 10.00 through 11.00. The exact nature of the flaws is not publicly disclosed, but they allow unauthorized access to files or privilege escalation [1].
Exploitation
An attacker can exploit these vulnerabilities remotely over the network. No authentication is required, as the r-cmnds are designed to provide remote access services. The specific exploitation steps are not detailed in the available references, but the flaws can be triggered by sending crafted requests to the vulnerable services [1].
Impact
Successful exploitation allows an attacker to gain increased privileges on the system or access files that would normally be restricted. This compromises both confidentiality and integrity of the affected HP-UX systems [1].
Mitigation
HP released cumulative patches to address these defects. For HP-UX 10.00, 10.01, and 10.10, install patch PHNE_13618. For HP-UX 10.20 and 10.30, install PHNE_13619. For HP-UX 11.00, install PHNE_16091. The HP VirtualVault product (HP-UX 10.24) is not affected. No workarounds are documented; applying the appropriate patch is the recommended solution [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.auscert.org.au/render.htmlnvdPatch
- www.ciac.org/ciac/bulletins/j-022.shtmlnvdPatch
- www.securityfocus.com/advisories/1471nvdPatch
- www.kb.cert.org/vuls/id/13217nvdUS Government Resource
- exchange.xforce.ibmcloud.com/vulnerabilities/7860nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5550nvd
News mentions
0No linked articles in our index yet.