Application Filter Bypass in HP ThinPro by Changing Browser Preferences
CVE-2019-16286

6.8MEDIUM

Key Information:

Vendor

HP
Status
Thinpro Linux
Vendor
CVE Published:
22 November 2019

What is CVE-2019-16286?

This vulnerability allows attackers to bypass the application filter designed to restrict executable applications on HP ThinPro. By manipulating browser settings, an attacker can launch an external process that executes arbitrary commands, posing significant security risks. Users of HP ThinPro 6.x and 7.x should be aware of this issue and implement security measures to mitigate potential exploitation.

Affected Version(s)

ThinPro Linux 6.2

ThinPro Linux 6.2.1

ThinPro Linux 7.0

References

https://support.hp.com/us-en/document/c06509350
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2020/Mar/37
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/156898/HP-ThinPro-6....
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.