cnvd - cnvd-2019-43731

cnvd-2019-43731

Vulnerability from cnvd

Title: HP ThinPro Linux权限提升漏洞

Description:

HP ThinPro Linux是美国惠普（HP）公司的一套用于HP瘦客户机的操作系统。

HP ThinPro Linux中存在安全漏洞。攻击者可利用该漏洞获取提升的权限，在本地文件系统上创建文件，进而以提升的权限执行命令。

Severity: 高

Patch Name: HP ThinPro Linux权限提升漏洞的补丁

Patch Description:

HP ThinPro Linux是美国惠普（HP）公司的一套用于HP瘦客户机的操作系统。

HP ThinPro Linux中存在安全漏洞。攻击者可利用该漏洞获取提升的权限，在本地文件系统上创建文件，进而以提升的权限执行命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hp.com/us-en/document/c06509350

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16287

Impacted products

Name
['HP ThinPro Linux 7.1', 'HP ThinPro Linux 7.0', 'HP ThinPro Linux 6.2.1', 'HP ThinPro Linux 6.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16287"
    }
  },
  "description": "HP ThinPro Linux\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8eHP\u7626\u5ba2\u6237\u673a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nHP ThinPro Linux\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u5728\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u4e0a\u521b\u5efa\u6587\u4ef6\uff0c\u8fdb\u800c\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hp.com/us-en/document/c06509350",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43731",
  "openTime": "2019-12-04",
  "patchDescription": "HP ThinPro Linux\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8eHP\u7626\u5ba2\u6237\u673a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHP ThinPro Linux\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u5728\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u4e0a\u521b\u5efa\u6587\u4ef6\uff0c\u8fdb\u800c\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP ThinPro Linux\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP ThinPro Linux 7.1",
      "HP ThinPro Linux 7.0",
      "HP ThinPro Linux 6.2.1",
      "HP ThinPro Linux 6.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16287",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-25",
  "title": "HP ThinPro Linux\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2019-16287 (GCVE-0-2019-16287)

Vulnerability from cvelistv5

Published

2019-11-22 21:30

Modified

2024-08-05 01:10

Severity ?

CWE

Privilege Escalation

Summary

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.

References

▼	URL	Tags
	https://support.hp.com/us-en/document/c06509350	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2020/Mar/38	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	HP	ThinPro Linux	Version: 6.2 Version: 6.2.1 Version: 7.0 Version: 7.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/c06509350"
          },
          {
            "name": "20200324 HP ThinPro - Privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Mar/38"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ThinPro Linux",
          "vendor": "HP",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-01T18:02:37",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hp.com/us-en/document/c06509350"
        },
        {
          "name": "20200324 HP ThinPro - Privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Mar/38"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2019-16287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ThinPro Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.2"
                          },
                          {
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HP"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c06509350",
              "refsource": "CONFIRM",
              "url": "https://support.hp.com/us-en/document/c06509350"
            },
            {
              "name": "20200324 HP ThinPro - Privilege escalation",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Mar/38"
            },
            {
              "name": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2019-16287",
    "datePublished": "2019-11-22T21:30:53",
    "dateReserved": "2019-09-13T00:00:00",
    "dateUpdated": "2024-08-05T01:10:41.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted