Multiple Vulnerabilities In HP Device Manager – Expert Insight

HP recently published a security bulletin to address multiple vulnerabilities in HP Device Manager, software that’s used to manage HP Thin Clients remotely. A combination of the three vulnerabilities could allow an attacker to gain remote command execution on the system through the HP Device Manager.

Expert Comments

October 08, 2020
Satnam Narang
Senior Research Engineer
Tenable
HP Device Manager is a popular software solution used to manage HP Thin Clients remotely. The three vulnerabilities disclosed in HP’s recent security bulletin by themselves are notable. However, a pair of the flaws, CVE-2020-6926 and CVE-2020-6927, when combined could allow an attacker to gain remote command execution on the vulnerable system through the HP Device Manager. HP has so far released patches for the 5.0.x branch of HP Device Manager, so organizations using this particular branch release should upgrade to 5.0.4 as soon as possible. If an organization is using a previous version of HP Device Manager, there are mitigation steps in HP’s security bulletin that can be taken to protect against these attacks until a patch becomes available.