Vulnerabilites related to hp - thinpro_linux
CVE-2015-2124 (GCVE-0-2015-2124)
Vulnerability from cvelistv5
Published
2015-06-05 10:00
Modified
2024-08-06 05:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT102045",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "HPSBHF03340",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "74897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T16:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT102045",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "HPSBHF03340",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "74897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT102045",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "HPSBHF03340",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"name": "74897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-2124",
"datePublished": "2015-06-05T10:00:00",
"dateReserved": "2015-02-27T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16285 (GCVE-0-2019-16285)
Vulnerability from cvelistv5
Published
2019-11-22 21:44
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure.
Summary
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP | ThinPro Linux |
Version: 6.2 Version: 6.2.1 Version: 7.0 Version: 7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinPro Linux",
"vendor": "HP",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T16:06:08",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2019-16285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinPro Linux",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "HP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hp.com/us-en/document/c06509350",
"refsource": "CONFIRM",
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/30"
},
{
"name": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2019-16285",
"datePublished": "2019-11-22T21:44:22",
"dateReserved": "2019-09-13T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16286 (GCVE-0-2019-16286)
Vulnerability from cvelistv5
Published
2019-11-22 21:49
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Application filter bypass and arbitrary command execution.
Summary
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP | ThinPro Linux |
Version: 6.2 Version: 6.2.1 Version: 7.0 Version: 7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Application filter bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinPro Linux",
"vendor": "HP",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Application filter bypass and arbitrary command execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T16:06:11",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Application filter bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2019-16286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinPro Linux",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "HP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Application filter bypass and arbitrary command execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hp.com/us-en/document/c06509350",
"refsource": "CONFIRM",
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"name": "20200324 HP ThinPro - Application filter bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/37"
},
{
"name": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2019-16286",
"datePublished": "2019-11-22T21:49:18",
"dateReserved": "2019-09-13T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-22 22:15
Modified
2024-11-21 04:30
Severity ?
Summary
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | thinpro_linux | 6.2 | |
| hp | thinpro_linux | 6.2.1 | |
| hp | thinpro_linux | 7.0 | |
| hp | thinpro_linux | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6059DA4F-17DB-4837-9017-3491FD089356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "185A85FB-69BF-470B-A701-876F2622213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "357F499E-ED43-4612-9D8A-DC9B7B32C7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24BB4C78-3C43-49C7-9C32-98894031C527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive."
},
{
"lang": "es",
"value": "Si un usuario local se configur\u00f3 e inici\u00f3 sesi\u00f3n, un atacante no autenticado con acceso f\u00edsico puede extraer informaci\u00f3n confidencial en una unidad local."
}
],
"id": "CVE-2019-16285",
"lastModified": "2024-11-21T04:30:27.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T22:15:11.093",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://seclists.org/fulldisclosure/2020/Mar/30"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Mar/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06509350"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-05 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | smart_zero_core | 4.3 | |
| hp | smart_zero_core | 4.4 | |
| hp | thinpro_linux | 4.1 | |
| hp | thinpro_linux | 4.2 | |
| hp | thinpro_linux | 4.3 | |
| hp | thinpro_linux | 4.4 | |
| hp | thinpro_linux | 5.0 | |
| hp | thinpro_linux | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:smart_zero_core:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E184306-5EE7-4A9F-84D7-2BA2CD7BAD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:smart_zero_core:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA20AEE1-4797-4506-9296-6A3ED5D1E078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C0E569-348A-4E25-B757-B16563E4F892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E70CFFE1-B05D-4C27-9292-4639E894118D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98DA2377-4E1E-40F8-8334-AF80BE85C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FE971B-8B07-46B6-93A9-A5526F5E4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1F49CA-1AB8-4C31-9CD9-A06A1012F7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1122A6-26BD-4E5D-A179-81963909C89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Easy Setup Wizard en HP ThinPro Linux 4.1 hasta 5.1 y Smart Zero Core 4.3 y 4.4 permite a usuarios locales evadir las restricciones de acceso y ganar privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-2124",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-05T10:59:03.270",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/74897"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 22:15
Modified
2024-11-21 04:30
Severity ?
Summary
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | thinpro_linux | 6.2 | |
| hp | thinpro_linux | 6.2.1 | |
| hp | thinpro_linux | 7.0 | |
| hp | thinpro_linux | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6059DA4F-17DB-4837-9017-3491FD089356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "185A85FB-69BF-470B-A701-876F2622213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "357F499E-ED43-4612-9D8A-DC9B7B32C7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:thinpro_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24BB4C78-3C43-49C7-9C32-98894031C527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands."
},
{
"lang": "es",
"value": "Un atacante puede ser capaz de omitir el filtro de aplicaci\u00f3n del sistema operativo destinado a restringir las aplicaciones que pueden ser ejecutadas mediante el cambio de las preferencias del navegador para iniciar un proceso separado que a su vez puede ejecutar comandos arbitrarios."
}
],
"id": "CVE-2019-16286",
"lastModified": "2024-11-21T04:30:27.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T22:15:11.187",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://seclists.org/fulldisclosure/2020/Mar/37"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06509350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Mar/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06509350"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}