ID

VAR-201612-0004


CVE

CVE-2016-2246


TITLE

HP ThinPro Vulnerable to Access Restriction Bypass

Trust: 0.8

sources: JVNDB: JVNDB-2016-006570

DESCRIPTION

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. HP ThinPro is a thin client device from Hewlett Packard (HP). An attacker could exploit the vulnerability to gain unauthorized access to HP client devices and elevate privileges. HP ThinPro is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with root privileges.

Trust: 2.43

sources: NVD: CVE-2016-2246 // JVNDB: JVNDB-2016-006570 // CNVD: CNVD-2016-10399 // BID: 93904

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-10399

AFFECTED PRODUCTS

vendor: hp, model: thinpro, scope: eq, version: 4.4

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 5.0

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 5.1

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 5.2

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 5.2.1

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 6.0

Trust: 2.5

vendor: hp, model: thinpro, scope: eq, version: 6.1

Trust: 2.5

vendor: hewlett packard, model: hp thinpro, scope: eq, version: 4.4 to 6.1

Trust: 0.8

sources: CNVD: CNVD-2016-10399 // BID: 93904 // JVNDB: JVNDB-2016-006570 // CNNVD: CNNVD-201610-755 // NVD: CVE-2016-2246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2246
value: HIGH

Trust: 1.0

NVD: CVE-2016-2246
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-10399
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-755
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-2246
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-10399
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-2246
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-10399 // JVNDB: JVNDB-2016-006570 // CNNVD: CNNVD-201610-755 // NVD: CVE-2016-2246

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006570 // NVD: CVE-2016-2246

THREAT TYPE

local

Trust: 0.9

sources: BID: 93904 // CNNVD: CNNVD-201610-755

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201610-755

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006570

PATCH

title: HPSBHF3550, url: http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05291676

Trust: 0.8

title: Patch for HPThinPro Local Privilege Escalation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/83251

Trust: 0.6

title: HP ThinPro Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65111

Trust: 0.6

sources: CNVD: CNVD-2016-10399 // JVNDB: JVNDB-2016-006570 // CNNVD: CNNVD-201610-755

EXTERNAL IDS

db: NVD, id: CVE-2016-2246

Trust: 3.3

db: BID, id: 93904

Trust: 2.5

db: JVNDB, id: JVNDB-2016-006570

Trust: 0.8

db: CNVD, id: CNVD-2016-10399

Trust: 0.6

db: CNNVD, id: CNNVD-201610-755

Trust: 0.6

sources: CNVD: CNVD-2016-10399 // BID: 93904 // JVNDB: JVNDB-2016-006570 // CNNVD: CNNVD-201610-755 // NVD: CVE-2016-2246

REFERENCES

url:http://www.securityfocus.com/bid/93904

Trust: 2.2

url:http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c05291676

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2246

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2246

Trust: 0.8

url:http://www.hp.com

Trust: 0.3

sources: CNVD: CNVD-2016-10399 // BID: 93904 // JVNDB: JVNDB-2016-006570 // CNNVD: CNNVD-201610-755 // NVD: CVE-2016-2246

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 93904

SOURCES

db: CNVD, id: CNVD-2016-10399
db: BID, id: 93904
db: JVNDB, id: JVNDB-2016-006570
db: CNNVD, id: CNNVD-201610-755
db: NVD, id: CVE-2016-2246

LAST UPDATE DATE

2024-11-23T21:54:21.074000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-10399, date: 2016-10-31T00:00:00
db: BID, id: 93904, date: 2016-11-24T03:03:00
db: JVNDB, id: JVNDB-2016-006570, date: 2017-01-11T00:00:00
db: CNNVD, id: CNNVD-201610-755, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2016-2246, date: 2024-11-21T02:48:06.353

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-10399, date: 2016-10-31T00:00:00
db: BID, id: 93904, date: 2016-09-27T00:00:00
db: JVNDB, id: JVNDB-2016-006570, date: 2017-01-11T00:00:00
db: CNNVD, id: CNNVD-201610-755, date: 2016-09-27T00:00:00
db: NVD, id: CVE-2016-2246, date: 2016-12-29T09:59:00.133