CVE-2019-16287

Name of the Vulnerable Software and Affected Versions HP ThinPro Linux versions 6.2 through 7.1

Description The issue is related to insecure privilege management, allowing an attacker to create a file on the local file system that puts the device in Administrative Mode. This enables the attacker to execute commands with elevated privileges. The vulnerability can be exploited to gain privileged access and execute arbitrary code with increased privileges.

Recommendations For HP ThinPro Linux versions 6.2 through 7.1, consider restricting access to the local file system to prevent the creation of files that could put the device in Administrative Mode, until a patch is available. As a temporary workaround, monitor the device for any unexpected files or changes in the file system that could indicate an attempt to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.