CVE-2019-18909

Published: Nov 22, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

Vendor	Product	Versions
HP	ThinPro Linux	affected `6.2` affected `6.2.1` affected `7.0` affected `7.1`

References

https://support.hp.com/us-en/document/c06509350

x_refsource_CONFIRM

20200324 HP ThinPro - Citrix command injection

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-18909

Description

Affected Products

References