CVE-2019-5544 - Security Notice: Information regarding recently discovered OpenSLP vulenerability

Rate this Article
No votes yet

November 8, 2020

Last modified: 08/07/2023, 11:15 am

Knowledge Base Article Advisory Security Management Console Remote Workstation Card Zero Clients

 

HP Anyware uses OpenSLP library which has been reported affected by CVE-2019-5544.


HP Anyware does not believe the vulnerability is exploitable on either the Zero Client or Remote Workstation Card but as an absolute guarantee customers may want to disable openSLP. HP Anyware advises coordinating with your companies security policies when considering this change.

Use one of the available methods to disable SLP Discovery on your PCoIP endpoint.

  • From your Remote Workstation Card or PCoIP Zero Client AWI, browse to the Configuration > Discovery page and deselect the Enable SLP Discovery service.
  • From your Zero Client OSD, browse to the Configuration > Discovery page and deselect Enable Discovery.
  • From your PCoIP Management Console, apply a profile to your PCoIP endpoints with SLP Discovery disabled. For further details see Managing Profiles in the PCoIP Management Console Administrators' Guide