Multiple Vulnerabilities in HP Device Manager (CVE-2020-6925,

Question

Multiple Vulnerabilities in HP Device Manager (CVE-2020-6925, CVE-2020-6926, CVE-2020-6927)Late last month, HP published a security bulletin detailing three vulnerabilities in HP Device Manager, a software solution used to manage HP Thin Clients remotely. Nick Bloor, a security researcher, is credited with discovering all three vulnerabilities. Bloor published a Twitter thread on September 29, providing mitigations to address the vulnerabilities. He also published a blog post detailing his findings on October 5.&nbsp;Bloor discovered a backdoor database user account in HP Device Manager that was protected by a weak password. With this knowledge, he was able to chain multiple vulnerabilities together to gain remote command execution as SYSTEM through HP Device Manager.For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

adewuyiahmed8 · Answer

Thank you.

Vulnerability Watch

Forum Discussion

Multiple Vulnerabilities in HP Device Manager (CVE-2020-6925,

1 Reply

Recent Discussions

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Americas

Europe

Asia / Australia