Information Disclosure in HP ThinPro by HP Inc.
CVE-2019-16285

4.6MEDIUM

Key Information:

Vendor: HP
Status: Thinpro Linux
Vendor: CVE Published:; 22 November 2019

🔔 Create HP Vulnerability Alert

What is CVE-2019-16285?

An information disclosure vulnerability exists in HP ThinPro that allows an unauthenticated attacker with physical access to the device to extract sensitive data onto a local drive. This vulnerability can potentially compromise user privacy and system integrity, emphasizing the necessity for physical security measures and proper access control mechanisms.

Affected Version(s)

ThinPro Linux 6.2

ThinPro Linux 6.2.1

ThinPro Linux 7.0

References

https://support.hp.com/us-en/document/c06509350

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2020/Mar/30

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/156895/HP-ThinPro-6....

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
Sep 13, 2019

.