HP ThinPro Linux Arbitrary Code Execution Vulnerability (CNVD-2019-43735)

HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro Linux that stems from a failure of the VPN software to securely process user-submitted input. The vulnerability can be exploited by an attacker t...

HP ThinPro Linux Elevation of Privilege Vulnerability

HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro Linux. An attacker could exploit the vulnerability to obtain elevated privileges, create files on the local file system, and then execute command...

HP ThinPro Linux Information Disclosure Vulnerability

HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro Linux. An attacker could exploit the vulnerability to transfer sensitive information to a local drive...

HP ThinPro Linux Arbitrary Code Execution Vulnerability (CNVD-2019-43732)

HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro Linux. An attacker could exploit this vulnerability to bypass the operating system application filter and execute arbitrary operating system...

HP ThinPro Linux Arbitrary Code Execution Vulnerability

HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro Linux that stems from the Citrix Receiver wrapper function not securely handling user-submitted input. An attacker could exploit the vulnerabilit...

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed command...

CVE-2019-18909

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges...

CVE-2019-18909

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges...

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed command...

Design/Logic Flaw

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed command...

Input validation

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges...

CVE-2019-18909

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges...

CVE-2019-18909

HP ThinPro VPN command-injection (CVE-2019-18909) arises from unsafe handling of user input, enabling potential command execution with root privileges. Affected HP ThinPro Linux versions include 6.2, 6.2.1, 7.0, and 7.1 (Citrix-related component in 6.x/7.x). The issue is documented across multipl...

CVE-2019-16287

CVE-2019-16287 affects HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, where an application filter bypass can allow an attacker to create a local file and enter Administrative Mode, enabling elevated commands. The issue is addressed by HP with multiple patches: HP Firefox 60.9.0esr for ThinPro 6.2–7.1 ...

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed command...

HP ThinPro Linux Multiple Security Vulnerabilities

Description HP ThinPro Linux is prone to multiple security vulnerabilities. A local attacker can exploit these issues to obtain sensitive information,execute arbitrary code and gain elevated privileges. This may aid in further attacks. Technologies Affected HP ThinPro Linux x86 6.2 HP ThinPro Lin...

HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation

Potential Security Impact Information Disclosure, Privilege Escalation, and Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT Reported by: Eldar Marcussen - xen1thLabs - Software Labs PSR-2019-0173, CVE-2019-16285, CVE-2019-16286, CVE-2019-16287, CVE-2019-18909,...

HP ThinPro OS Elevation of Privilege Vulnerability

HP ThinPro operating system is a set of operating systems from Hewlett-Packard HP that run on thin client devices. An elevation of privilege vulnerability exists in the command line shell in the HP ThinPro operating system. An attacker could exploit this vulnerability to gain elevation of privile...

Design/Logic Flaw

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device...

CVE-2017-2740

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device...