HP published details of three vulnerabilities in the HP Device Manager that could be exploited by attackers to take over Windows systems.

From securityaffairs.co

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager.

The IT giant revealed that an attacker could exploit the vulnerabilities to take over Windows systems.

The HP Device Manager allows administrators to remotely manage HP thin clients.

The vulnerabilities have been reported to HP by the infosec researchers Nick Bloor, an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take over them.

Read more…