CVE-2019-18910 – HP ThinPro 6.x / 7.x Privileged Command Injection
https://notcve.org/view.php?id=CVE-2019-18910
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a privileged command injection vulnerability.
• http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/40
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-2740
https://notcve.org/view.php?id=CVE-2017-2740
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
• https://support.hp.com/us-en/document/c05379294
CVE-2016-2246 – HP Thin Pro OS Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2246
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. HP Thin Pro OS suffers from a local privilege escalation vulnerability.
• http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676
• http://www.securityfocus.com/bid/93904
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-2124
https://notcve.org/view.php?id=CVE-2015-2124
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.
• http://www.securityfocus.com/bid/74897
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275