Vulnerabilities related to hp - thinpro
CVE-2019-18909 (GCVE-0-2019-18909)
Vulnerability from cvelistv5
Published
2019-11-22 21:38
Modified
2024-08-05 02:02
CWE
- Privileged Command Injection
Summary
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
HP | ThinPro Linux | 6.2, 6.2.1, 7.0, 7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Citrix command injection", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/39" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ThinPro Linux", "vendor": "HP", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Privileged Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-25T16:06:13", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Citrix command injection", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/39" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2019-18909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ThinPro Linux", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "6.2.1" }, { "version_value": "7.0" }, { "version_value": "7.1" } ] } } ] }, "vendor_name": "HP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privileged Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hp.com/us-en/document/c06509350", "refsource": "CONFIRM", "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Citrix command injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/39" }, { "name": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2019-18909", "datePublished": "2019-11-22T21:38:59", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-16287 (GCVE-0-2019-16287)
Vulnerability from cvelistv5
Published
2019-11-22 21:30
Modified
2024-08-05 01:10
CWE
- Privilege Escalation
Summary
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
HP | ThinPro Linux | 6.2, 6.2.1, 7.0, 7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:10:41.709Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privilege escalation", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ThinPro Linux", "vendor": "HP", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Privilege Escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-01T18:02:37", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privilege escalation", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/38" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2019-16287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ThinPro Linux", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "6.2.1" }, { "version_value": "7.0" }, { "version_value": "7.1" } ] } } ] }, "vendor_name": "HP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege Escalation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hp.com/us-en/document/c06509350", "refsource": "CONFIRM", "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privilege escalation", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/38" }, { "name": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2019-16287", "datePublished": "2019-11-22T21:30:53", "dateReserved": "2019-09-13T00:00:00", "dateUpdated": "2024-08-05T01:10:41.709Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18910 (GCVE-0-2019-18910)
Vulnerability from cvelistv5
Published
2019-11-22 21:23
Modified
2024-08-05 02:02
CWE
- Command Injection
Summary
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
HP | ThinPro Linux | 6.2, 6.2.1, 7.0, 7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privileged command injection", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/40" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ThinPro Linux", "vendor": "HP", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-25T16:06:09", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privileged command injection", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/40" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2019-18910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ThinPro Linux", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "6.2.1" }, { "version_value": "7.0" }, { "version_value": "7.1" } ] } } ] }, "vendor_name": "HP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hp.com/us-en/document/c06509350", "refsource": "CONFIRM", "url": "https://support.hp.com/us-en/document/c06509350" }, { "name": "20200324 HP ThinPro - Privileged command injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/40" }, { "name": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2019-18910", "datePublished": "2019-11-22T21:23:52", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1602 (GCVE-0-2022-1602)
Vulnerability from cvelistv5
Published
2022-09-13 14:51
Modified
2024-08-03 00:10
CWE
- Unauthorized modification of certain files
Summary
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | HP ThinPro OS | before SP10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "HP ThinPro OS", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before SP10" } ] } ], "descriptions": [ { "lang": "en", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8." } ], "problemTypes": [ { "descriptions": [ { "description": "Unauthorized modification of certain files", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-13T14:51:42", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2022-1602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "HP ThinPro OS", "version": { "version_data": [ { "version_value": "before SP10" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). 
HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unauthorized modification of certain files" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789", "refsource": "MISC", "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2022-1602", "datePublished": "2022-09-13T14:51:42", "dateReserved": "2022-05-05T00:00:00", "dateUpdated": "2024-08-03T00:10:03.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2740 (GCVE-0-2017-2740)
Vulnerability from cvelistv5
Published
2018-01-23 16:00
Modified
2024-09-16 21:02
CWE
- Escalation of Privilege
Summary
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
References
Impacted products
Vendor | Product | Version
---|---|---
HP Inc. | HP ThinPro | 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:02:07.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBHF03553", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://support.hp.com/us-en/document/c05379294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "HP ThinPro", "vendor": "HP Inc.", "versions": [ { "status": "affected", "version": "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4" } ] } ], "datePublic": "2017-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device." } ], "problemTypes": [ { "descriptions": [ { "description": "Escalation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-23T15:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "name": "HPSBHF03553", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://support.hp.com/us-en/document/c05379294" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "DATE_PUBLIC": "2017-01-17T00:00:00", "ID": "CVE-2017-2740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "HP ThinPro", "version": { "version_data": [ { "version_value": "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4" } ] } } ] }, "vendor_name": "HP Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. 
The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBHF03553", "refsource": "HP", "url": "https://support.hp.com/us-en/document/c05379294" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2017-2740", "datePublished": "2018-01-23T16:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T21:02:40.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2246 (GCVE-0-2016-2246)
Vulnerability from cvelistv5
Published
2016-12-29 09:02
Modified
2024-08-05 23:24
CWE
- n/a
Summary
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PSR-2016-0091", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "name": "93904", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93904" }, { "name": "HPSBHF3550", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T10:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "name": "PSR-2016-0091", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "name": "93904", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93904" }, { "name": "HPSBHF3550", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2016-2246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PSR-2016-0091", "refsource": "HP", "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "name": "93904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93904" }, { "name": "HPSBHF3550", "refsource": "HP", "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2016-2246", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-02-08T00:00:00", "dateUpdated": "2024-08-05T23:24:48.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2016-12-29 09:59
Modified
2025-04-12 10:46
Summary
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
hp-security-alert@hp.com | http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676 | Patch, Vendor Advisory | |
hp-security-alert@hp.com | http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676 | Patch, Vendor Advisory | |
hp-security-alert@hp.com | http://www.securityfocus.com/bid/93904 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93904 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B3E8CB9-C977-4B86-8984-5F7585434EEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "78A43F43-940D-4DF3-8DBF-36B8334828EA", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "517F75B9-02A2-4085-8856-DBDA2FBF0526", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E93AA95-2DB8-4DAD-B2B7-3A434B8AC8BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8252B8D-6743-4F8D-AAAD-65B1C637A56C", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F1947C6-A708-4A18-85B8-C964C1832433", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBC121F9-D429-4E58-B486-2C6441826A1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors." }, { "lang": "es", "value": "HP ThinPro 4.4 hasta la versi\u00f3n 6.1 no maneja adecuadamente el panel de control de dise\u00f1o de teclado y la aplicaci\u00f3n de teclado virtual, lo que permite a usuarios locales eludir las restricciones destinadas al acceso y obtener privilegios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2016-2246", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-29T09:59:00.133", "references": [ { "source": "hp-security-alert@hp.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "source": "hp-security-alert@hp.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "source": "hp-security-alert@hp.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93904" } ], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-22 22:15
Modified
2024-11-21 04:33
Summary
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
References
▶ | URL | Tags | |
---|---|---|---|
hp-security-alert@hp.com | http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
hp-security-alert@hp.com | http://seclists.org/fulldisclosure/2020/Mar/39 | Mailing List, Third Party Advisory | |
hp-security-alert@hp.com | https://support.hp.com/us-en/document/c06509350 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Mar/39 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c06509350 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3690A60E-FF1E-48D3-A3B0-A2A09B381D92", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D52CF5AE-B169-4DF0-8680-0090AC0BAB97", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "57986577-5CED-4480-85AE-80B175820158", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D71F8BCD-3262-4FC4-8E51-A3D64EA59B5E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges." }, { "lang": "es", "value": "El software VPN dentro de HP ThinPro no maneja de forma segura la entrada suministrada por parte el usuario, lo que puede ser aprovechado por un atacante para inyectar comandos que se ejecutar\u00e1n con privilegios de root." 
} ], "id": "CVE-2019-18909", "lastModified": "2024-11-21T04:33:49.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-22T22:15:11.327", "references": [ { "source": "hp-security-alert@hp.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html" }, { "source": "hp-security-alert@hp.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/39" }, { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third 
Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/39" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" } ], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-13 15:15
Modified
2024-11-21 06:41
Severity ?
Summary
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:7.2:sp8:*:*:*:*:*:*", "matchCriteriaId": "4C0CDEFD-70C8-4E54-AD2C-BCEEE7F996F2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:mt21:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6E137D9-11DA-4D32-8D47-33437C4B9B78", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:mt22:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B1E2-599A-42B6-A8B9-B6BAE0392AFA", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:mt32:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE7D0BF7-E4FD-45DB-8434-E1E1D14C8D9F", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:mt45:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD51E634-1DC3-468D-BA97-2390C37C1244", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:mt46:-:*:*:*:*:*:*:*", "matchCriteriaId": "E424F17B-06C0-4630-8797-14FEC810AD08", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t240:-:*:*:*:*:*:*:*", "matchCriteriaId": "101BB9A6-E730-4BAE-A824-8B9D68F5A6C6", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t420:-:*:*:*:*:*:*:*", "matchCriteriaId": "C73DAA94-81CE-40CF-BFF0-ACE67D6D4280", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t430:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA282389-B256-4E59-966A-F45533AB0D0E", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t530:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2EEE389-8B47-4988-9C13-7D78302BF4D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFDD3D12-908A-4165-8099-D2E81C938CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t628:-:*:*:*:*:*:*:*", "matchCriteriaId": "E211855B-CC97-4465-BB6B-6A21BE49EB8B", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t630:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EFFE956-921E-43DE-B4A5-97DDCC12B69C", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t638:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2328866-4483-4586-91A2-CEBABDA87426", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:hp:t730:-:*:*:*:*:*:*:*", "matchCriteriaId": "7755FA5A-34A1-43B4-ABE3-34166A706B02", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:t740:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD4CF900-3C60-4D6E-8AFC-1B857572B3DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8." }, { "lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP ThinPro versi\u00f3n 7.2 Service Pack 8 (SP8). La vulnerabilidad de seguridad en el SP8 no es mitigada despu\u00e9s de actualizar del SP8 al Service Pack 9 (SP9). HP ha lanzado el Service Pack 10 (SP10) para mitigar la posible vulnerabilidad introducida en el SP8" } ], "id": "CVE-2022-1602", "lastModified": "2024-11-21T06:41:03.383", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-13T15:15:08.400", "references": [ { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789" } ], "sourceIdentifier": 
"hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-23 16:29
Modified
2024-11-21 03:24
Severity ?
Summary
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
References
▶ | URL | Tags | |
---|---|---|---|
hp-security-alert@hp.com | https://support.hp.com/us-en/document/c05379294 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c05379294 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B3E8CB9-C977-4B86-8984-5F7585434EEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "78A43F43-940D-4DF3-8DBF-36B8334828EA", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "517F75B9-02A2-4085-8856-DBDA2FBF0526", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E93AA95-2DB8-4DAD-B2B7-3A434B8AC8BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8252B8D-6743-4F8D-AAAD-65B1C637A56C", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBC121F9-D429-4E58-B486-2C6441826A1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device." }, { "lang": "es", "value": "Se ha identificado una potencial vulnerabilidad de seguridad en el shell de l\u00ednea de comandos del sistema operativo HP ThinPro 6.1, 5.2.1, 5.2, 5.1, 5.0 y 4.4. La vulnerabilidad podr\u00eda resultar en una elevaci\u00f3n de privilegios locales sin autorizaci\u00f3n en un dispositivo cliente HP thin." 
} ], "id": "CVE-2017-2740", "lastModified": "2024-11-21T03:24:05.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-23T16:29:00.647", "references": [ { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c05379294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c05379294" } ], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-22 22:15
Modified
2024-11-21 04:33
Severity ?
Summary
The Citrix Receiver wrapper function does not safely handle user-supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
References
▶ | URL | Tags | |
---|---|---|---|
hp-security-alert@hp.com | http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
hp-security-alert@hp.com | http://seclists.org/fulldisclosure/2020/Mar/40 | Mailing List, Third Party Advisory | |
hp-security-alert@hp.com | https://support.hp.com/us-en/document/c06509350 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Mar/40 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c06509350 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3690A60E-FF1E-48D3-A3B0-A2A09B381D92", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D52CF5AE-B169-4DF0-8680-0090AC0BAB97", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "57986577-5CED-4480-85AE-80B175820158", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D71F8BCD-3262-4FC4-8E51-A3D64EA59B5E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges." }, { "lang": "es", "value": "La funci\u00f3n de contenedor Citrix Receiver no maneja de forma segura la entrada suministrada por parte el usuario, lo que puede ser aprovechado por un atacante para inyectar comandos que se ejecutar\u00e1n con privilegios de usuario local." 
} ], "id": "CVE-2019-18910", "lastModified": "2024-11-21T04:33:49.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-22T22:15:11.373", "references": [ { "source": "hp-security-alert@hp.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html" }, { "source": "hp-security-alert@hp.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/40" }, { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party 
Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Mar/40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" } ], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-22 22:15
Modified
2024-11-21 04:30
Severity ?
Summary
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:thinpro:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3690A60E-FF1E-48D3-A3B0-A2A09B381D92", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D52CF5AE-B169-4DF0-8680-0090AC0BAB97", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "57986577-5CED-4480-85AE-80B175820158", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:thinpro:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D71F8BCD-3262-4FC4-8E51-A3D64EA59B5E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges." }, { "lang": "es", "value": "En HP ThinPro Linux 6.2, 6.2.1, 7.0 y 7.1, un atacante puede aprovechar la vulnerabilidad de omisi\u00f3n del filtro de la aplicaci\u00f3n para obtener acceso privilegiado para crear un archivo en el sistema de archivos local cuya presencia pone el dispositivo en modo administrativo, lo que Permitir al atacante ejecutar comandos con privilegios elevados." 
} ], "id": "CVE-2019-16287", "lastModified": "2024-11-21T04:30:27.750", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-22T22:15:11.250", "references": [ { "source": "hp-security-alert@hp.com", "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html" }, { "source": "hp-security-alert@hp.com", "url": "http://seclists.org/fulldisclosure/2020/Mar/38" }, { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2020/Mar/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hp.com/us-en/document/c06509350" } ], "sourceIdentifier": 
"hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }