CVE-2022-1602 - OpenCVE

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Mt21 Mt22 Mt32 Mt45 Mt46 T240 T420 T430 T530 T540 T628 T630 T638 T730 T740 Thinpro

Configuration 1 [-]

AND

OR	cpe:2.3:h:hp:mt21:-:::::::*
	cpe:2.3:h:hp:mt22:-:::::::*
	cpe:2.3:h:hp:mt32:-:::::::*
	cpe:2.3:h:hp:mt45:-:::::::*
	cpe:2.3:h:hp:mt46:-:::::::*
	cpe:2.3:h:hp:t240:-:::::::*
	cpe:2.3:h:hp:t420:-:::::::*
	cpe:2.3:h:hp:t430:-:::::::*
	cpe:2.3:h:hp:t530:-:::::::*
	cpe:2.3:h:hp:t540:-:::::::*
	cpe:2.3:h:hp:t628:-:::::::*
	cpe:2.3:h:hp:t630:-:::::::*
	cpe:2.3:h:hp:t638:-:::::::*
	cpe:2.3:h:hp:t730:-:::::::*
	cpe:2.3:h:hp:t740:-:::::::*

cpe:2.3:o:hp:thinpro:7.2:sp8:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2022-09-13T14:51:42

Updated: 2024-08-03T00:10:03.501Z

Reserved: 2022-05-05T00:00:00

Link: CVE-2022-1602

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-13T15:15:08.400

Modified: 2022-09-15T17:24:21.567

Link: CVE-2022-1602

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HP ThinPro OS", "vendor": "n/a", "versions": [{"status": "affected", "version": "before SP10"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8."}], "problemTypes": [{"descriptions": [{"description": "Unauthorized modification of certain files", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T14:51:42", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2022-1602", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP ThinPro OS", "version": {"version_data": [{"version_value": "before SP10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unauthorized modification of certain files"}]}]}, "references": {"reference_data": [{"name": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789", "refsource": "MISC", "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.501Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2022-1602", "datePublished": "2022-09-13T14:51:42", "dateReserved": "2022-05-05T00:00:00", "dateUpdated": "2024-08-03T00:10:03.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:hp:mt21:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6E137D9-11DA-4D32-8D47-33437C4B9B78", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:mt22:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B1E2-599A-42B6-A8B9-B6BAE0392AFA", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:mt32:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE7D0BF7-E4FD-45DB-8434-E1E1D14C8D9F", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:mt45:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD51E634-1DC3-468D-BA97-2390C37C1244", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:mt46:-:*:*:*:*:*:*:*", "matchCriteriaId": "E424F17B-06C0-4630-8797-14FEC810AD08", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t240:-:*:*:*:*:*:*:*", "matchCriteriaId": "101BB9A6-E730-4BAE-A824-8B9D68F5A6C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t420:-:*:*:*:*:*:*:*", "matchCriteriaId": "C73DAA94-81CE-40CF-BFF0-ACE67D6D4280", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t430:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA282389-B256-4E59-966A-F45533AB0D0E", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t530:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2EEE389-8B47-4988-9C13-7D78302BF4D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFDD3D12-908A-4165-8099-D2E81C938CD6", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t628:-:*:*:*:*:*:*:*", "matchCriteriaId": "E211855B-CC97-4465-BB6B-6A21BE49EB8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t630:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EFFE956-921E-43DE-B4A5-97DDCC12B69C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t638:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2328866-4483-4586-91A2-CEBABDA87426", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t730:-:*:*:*:*:*:*:*", "matchCriteriaId": "7755FA5A-34A1-43B4-ABE3-34166A706B02", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:t740:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD4CF900-3C60-4D6E-8AFC-1B857572B3DF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hp:thinpro:7.2:sp8:*:*:*:*:*:*", "matchCriteriaId": "4C0CDEFD-70C8-4E54-AD2C-BCEEE7F996F2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP ThinPro versi\u00f3n 7.2 Service Pack 8 (SP8). La vulnerabilidad de seguridad en el SP8 no es mitigada despu\u00e9s de actualizar del SP8 al Service Pack 9 (SP9). HP ha lanzado el Service Pack 10 (SP10) para mitigar la posible vulnerabilidad introducida en el SP8"}], "id": "CVE-2022-1602", "lastModified": "2022-09-15T17:24:21.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T15:15:08.400", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}