CVE-2022-1602
https://notcve.org/view.php?id=CVE-2022-1602
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. • https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789
CVE-2019-16286 – HP ThinPro 6.x / 7.x Filter Bypass
https://notcve.org/view.php?id=CVE-2019-16286
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from an application filter bypass vulnerability. • http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html http://seclists.org/fulldisclosure/2020/Mar/37 https://support.hp.com/us-en/document/c06509350 • CWE-287: Improper Authentication
CVE-2019-16285 – HP ThinPro 6.x / 7.x Information Disclosure
https://notcve.org/view.php?id=CVE-2019-16285
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability. • http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html http://seclists.org/fulldisclosure/2020/Mar/30 https://support.hp.com/us-en/document/c06509350 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18909 – HP ThinPro 6.x / 7.x Citrix Command Injection
https://notcve.org/view.php?id=CVE-2019-18909
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability. • http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html http://seclists.org/fulldisclosure/2020/Mar/39 https://support.hp.com/us-en/document/c06509350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16287 – HP ThinPro 6.x / 7.x Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-16287
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local privilege escalation vulnerability. • http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Mar/38 https://support.hp.com/us-en/document/c06509350