
CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from an application filter bypass vulnerability.
• http://packetstormsecurity.com/files/156898/HP-ThinPro-6.x-7.x-Filter-Bypass.html
• http://seclists.org/fulldisclosure/2020/Mar/37
• https://support.hp.com/us-en/document/c06509350
• CWE-287: Improper Authentication

CVSS: 4.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.
• http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2020/Mar/30
• https://support.hp.com/us-en/document/c06509350
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.0 | EPSS: 0% | CPEs: 5 | EXPL: 1

The VPN software within HP ThinPro does not safely handle user-supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability.
• http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/39
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local privilege escalation vulnerability.
• http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2020/Mar/38
• https://support.hp.com/us-en/document/c06509350

CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

The Citrix Receiver wrapper function does not safely handle user-supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a privileged command injection vulnerability.
• http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/40
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')