High severity8.0NVD Advisory· Published Nov 22, 2019· Updated Jun 17, 2026
CVE-2019-18909
CVE-2019-18909
Description
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 6.2
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2020/Mar/39nvdMailing ListThird Party Advisory
- support.hp.com/us-en/document/c06509350nvdVendor Advisory
News mentions
0No linked articles in our index yet.