CVE-1999-1145: Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to acc
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
AI Analysis
Technical Summary
CVE-1999-1145 is a high-severity vulnerability affecting the Glance programs within GlancePlus software on HP-UX operating systems version 10.20 and earlier, including versions 9, 10.01, and 10.10. GlancePlus is a performance monitoring tool used on HP-UX systems. This vulnerability allows local users—meaning an attacker must have some level of access to the system—to exploit flaws in the Glance programs to access arbitrary files and escalate their privileges. The vulnerability impacts confidentiality, integrity, and availability, as it enables unauthorized file access and privilege escalation, potentially allowing attackers to gain root or administrative control over the affected system. The CVSS v2 score of 7.2 reflects a high severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no authentication required (Au:N), and complete impact on confidentiality, integrity, and availability (C:C/I:C/A:C). No patches are available for this vulnerability, and there are no known exploits in the wild, likely due to the age of the vulnerability and the declining use of HP-UX 10.x systems. However, the risk remains for legacy systems still in operation, especially in environments where HP-UX is used for critical infrastructure or legacy applications.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the presence of HP-UX 10.x systems running GlancePlus. Organizations in sectors such as manufacturing, telecommunications, utilities, and government that historically used HP-UX for mission-critical applications may be at risk if legacy systems remain operational. Exploitation could lead to unauthorized access to sensitive files, disruption of system monitoring, and full system compromise through privilege escalation. This could result in data breaches, operational downtime, and loss of trust. Given the local access requirement, the threat is more significant in environments where multiple users have local system access or where attackers can gain initial foothold through other means. The lack of patches means organizations must rely on compensating controls. The vulnerability's age and lack of known exploits suggest a lower likelihood of widespread attacks, but targeted attacks against legacy systems remain a concern.
Mitigation Recommendations
Since no official patches are available, European organizations should implement strict access controls to limit local user access to HP-UX systems running GlancePlus. This includes enforcing the principle of least privilege, ensuring only trusted administrators have local access. Organizations should consider disabling or uninstalling GlancePlus if it is not essential. If GlancePlus is required, running it with minimal privileges and isolating affected systems within segmented network zones can reduce risk. Monitoring and auditing local user activities on HP-UX systems can help detect suspicious behavior early. Additionally, organizations should plan to migrate legacy HP-UX 10.x systems to supported versions or alternative platforms to eliminate exposure. Employing host-based intrusion detection systems (HIDS) and integrity monitoring can provide further protection. Finally, educating system administrators about this vulnerability and its risks is critical to maintaining vigilance.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Sweden
Threat ID: 682ca32ab6fd31d6ed7de616
Added to database: 5/20/2025, 3:43:38 PM
Last enriched: 7/1/2025, 12:26:23 PM
Last updated: 8/15/2025, 11:21:32 AM