CVE-2024-5143
📋 TL;DR
This vulnerability allows a device administrator to change the SMTP server settings without re-entering the stored credentials. Because outbound mail is then redirected to the newly configured server, the original SMTP credentials can be exposed to whoever controls that server. It affects HP devices on which administrative users can modify the SMTP configuration.
💻 Affected Systems
- HP ThinPro OS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Original SMTP server credentials are captured by an attacker-controlled server, leading to unauthorized email sending, credential reuse attacks, and potential data exfiltration.
Likely Case
Malicious administrator or compromised admin account redirects email traffic to capture SMTP credentials, enabling unauthorized email operations.
If Mitigated
Limited to authorized administrators only, with monitoring detecting unusual SMTP configuration changes.
🎯 Exploit Status
Exploitation requires administrative access to the device. The vulnerability is straightforward to exploit once admin access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ThinPro 7.2 MR7 and ThinPro 8.0 MR5
Vendor Advisory: https://support.hp.com/us-en/document/ish_10643804-10643841-16/HPSBPI03941
Restart Required: Yes
Instructions:
1. Download the latest maintenance release from HP support.
2. Apply the update to affected ThinPro devices.
3. Restart devices to complete installation.
🔧 Temporary Workarounds
Restrict Administrative Access
Limit device administrative privileges to trusted personnel only and implement least privilege principles.
Monitor SMTP Configuration Changes
Implement logging and alerting for any changes to SMTP server settings.
🧯 If You Can't Patch
- Implement strict access controls and monitor administrative account activity.
- Use separate SMTP accounts with limited permissions to minimize credential exposure impact.
🔍 How to Verify
Check if Vulnerable:
Check the ThinPro OS version via system settings or the command line. ThinPro 7.2 releases before MR7 and ThinPro 8.0 releases before MR5 are vulnerable.
Check Version:
Run cat /etc/thinpro_version, or check System Information in the ThinPro settings.
Verify Fix Applied:
Verify ThinPro OS version is 7.2 MR7 or 8.0 MR5 or later after applying patches.
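The version check above can be scripted so that fleet inventory output is classified consistently. The following is an added example, not HP's tooling; it assumes the version string contains a "major.minor" release followed by an optional "MRn" maintenance-release suffix (the exact contents of /etc/thinpro_version are not documented on this page). The fixed releases are the ones named in the advisory: 7.2 MR7 and 8.0 MR5.

```python
import re

# Fixed maintenance releases per the HP advisory (HPSBPI03941):
# ThinPro 7.2 MR7 and ThinPro 8.0 MR5.
FIXED_MR = {(7, 2): 7, (8, 0): 5}

# Assumed format: "ThinPro 7.2 MR6", "7.2 MR7", "8.0" (no MR suffix), etc.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s*MR\s*(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, mr) parsed from a version string.

    A release without an MR suffix is treated as MR0, i.e. older than any
    maintenance release of the same branch.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, mr = m.groups()
    return int(major), int(minor), int(mr) if mr else 0


def is_vulnerable(text):
    """True if the version is an affected 7.2/8.0 build, False if fixed,
    None if the branch is not one the advisory names (needs manual review)."""
    major, minor, mr = parse_version(text)
    fixed_mr = FIXED_MR.get((major, minor))
    if fixed_mr is None:
        return None
    return mr < fixed_mr


def check_file(path="/etc/thinpro_version"):
    """Read the version file on a ThinPro device and classify it."""
    with open(path, encoding="utf-8") as fh:
        return is_vulnerable(fh.read())


if __name__ == "__main__":
    for sample in ("ThinPro 7.2 MR6", "ThinPro 7.2 MR7", "8.0 MR4", "8.0 MR5", "6.2 MR3"):
        print(f"{sample!r}: vulnerable={is_vulnerable(sample)}")
```

Run it on each device's version string (for example the output of cat /etc/thinpro_version collected by your management tooling); a result of None means the branch is outside the advisory's scope and should be reviewed against the vendor advisory rather than assumed safe.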
📡 Detection & Monitoring
Log Indicators:
- Unexpected changes to SMTP server configuration
- Administrative account modifying email settings outside normal patterns
Network Indicators:
- SMTP traffic redirected to new/unexpected servers
- Unusual email sending patterns from the device
SIEM Query:
source="thinpro_logs" AND (event="smtp_config_change" OR (user="admin" AND action="modify_email_settings"))
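To turn the log indicators above into a concrete detection, the following added example (not part of the advisory, and not based on ThinPro's real log format) scans constructed key=value log lines for SMTP configuration changes. It raises an alert when the SMTP server is changed to a host outside an allowlist, which is the change that would cause the device to hand its stored credentials to a new server, and when any SMTP change happens outside an assumed maintenance window. The sample lines, the allowlist and the window are all constructed for the example.

```python
import re
from datetime import datetime, time

# Constructed sample log lines (format assumed for this example):
# "<ISO timestamp> key=value key=value ..."
SAMPLE_LOGS = """\
2024-05-20T09:15:02Z user=admin event=smtp_config_change field=smtp_server old=mail.corp.example new=mail.corp.example
2024-05-20T23:41:17Z user=admin event=smtp_config_change field=smtp_server old=mail.corp.example new=203.0.113.45
2024-05-21T10:02:44Z user=helpdesk event=smtp_config_change field=smtp_port old=587 new=465
2024-05-21T10:03:01Z user=helpdesk event=login result=success
"""

# Assumed allowlist of approved SMTP relays and an assumed change window.
KNOWN_SMTP_SERVERS = {"mail.corp.example"}
MAINTENANCE_WINDOW = (time(8, 0), time(18, 0))

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split a log line into a dict of fields plus a parsed 'ts' datetime."""
    ts_str, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(log_text):
    """Return a list of alerts for suspicious SMTP configuration changes."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("event") != "smtp_config_change":
            continue
        reasons = []
        # Redirecting mail to an unapproved server is the core risk of this CVE:
        # the device will authenticate there with the credentials it already holds.
        if ev.get("field") == "smtp_server" and ev.get("new") not in KNOWN_SMTP_SERVERS:
            reasons.append(f"smtp_server changed to unapproved host {ev['new']}")
        # Any SMTP change outside the agreed window is "outside normal patterns".
        t = ev["ts"].time()
        if not (MAINTENANCE_WINDOW[0] <= t <= MAINTENANCE_WINDOW[1]):
            reasons.append("SMTP change outside maintenance window")
        if reasons:
            alerts.append({"ts": ev["ts"].isoformat(), "user": ev.get("user"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Only the second line triggers: the server is changed to a host not on the allowlist, and the change happens late at night. A port change by the helpdesk account during working hours is recorded but not alerted, which keeps the rule focused on the change that actually exposes credentials.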