Information Disclosure in HP ThinPro by HP Inc.
CVE-2019-16285

4.6MEDIUM

Key Information:

Vendor
HP
Status
Thinpro Linux
Vendor
CVE Published:
22 November 2019

Summary

An information disclosure vulnerability exists in HP ThinPro that allows an unauthenticated attacker with physical access to the device to extract sensitive data onto a local drive. This vulnerability can potentially compromise user privacy and system integrity, emphasizing the necessity for physical security measures and proper access control mechanisms.

Affected Version(s)

ThinPro Linux 6.2

ThinPro Linux 6.2.1

ThinPro Linux 7.0

References

https://support.hp.com/us-en/document/c06509350
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2020/Mar/30
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/156895/HP-ThinPro-6....
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.