CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
hpCNA
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
hpthinpro
6.2
hpthinpro
6.2.1
hpthinpro
7.0
hpthinpro
7.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hpthinpro_linux
6.2
CNA
hpthinpro_linux
6.2.1
CNA
hpthinpro_linux
7.0
CNA
hpthinpro_linux
7.1
CNA
References
http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2020/Mar/38
https://support.hp.com/us-en/document/c06509350
http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2020/Mar/38
https://support.hp.com/us-en/document/c06509350