Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.7
CVSSv2

CVE-2019-18909

Published: 22/11/2019 Updated: 01/01/2022
CVSS v2 Base Score: 7.7 | Impact Score: 10 | Exploitability Score: 5.1
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 685
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Thinpro

Vulnerability Summary

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an malicious user to inject commands that will execute with root privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

hp thinpro 6.2

hp thinpro 6.2.1

hp thinpro 7.0

hp thinpro 7.1

Vendor Advisories

HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation
Potential security vulnerabilities have been identified with certain versions of HP ThinPro components that may allow unauthorized information disclosure, privilege escalation, and arbitrary code execution ...
HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation
Potential security vulnerabilities have been identified with certain versions of HP ThinPro components that may allow unauthorized information disclosure, privilege escalation, and arbitrary code execution ...

Exploits

Exploit DB: HP ThinPro 6.x / 7.x Citrix Command Injection
HP ThinPro versions 71, 70, 621, and 62 suffer from a Citrix receiver connection wrapper command injection vulnerability ...

References

CWE-78https://support.hp.com/us-en/document/c06509350http://seclists.org/fulldisclosure/2020/Mar/39http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.htmlhttps://support.hp.com//us-en/document/c06509350
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook