From securityaffairs.co
HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager.
The IT giant revealed that an attacker could exploit the vulnerabilities to take over Windows systems.
The HP Device Manager allows administrators to remotely manage HP thin clients.
The vulnerabilities have been reported to HP by the infosec researchers Nick Bloor, an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take over them.