CVE-2019-18909

Summary

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

Affected Software

VendorProductVersion RangeStatus
HPThinPro Linux6.2affected
HPThinPro Linux6.2.1affected
HPThinPro Linux7.0affected
HPThinPro Linux7.1affected

Weaknesses

  • Privileged Command Injection

ADP Enrichment

CVE Program Container

Additional References

References