HP Pagewide and OfficeJet Printers RCE Vulnerability

Published: 2018-01-25 13:52:55
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
A potential security vulnerability has been identified with HP PageWide Printers and HP OfficeJet Pro Printers. This vulnerability could potentially be exploited to execute arbitrary code.

Detection Method:
The script checks if the target host is a vulnerable device running a vulnerable firmware version.

Impact:
Successful exploitation would give an attacker complete control over the target host.

Affected Versions:
Affected are following HP devices with a firmware version 1707D or below: HP PageWide Managed MFP P57750dw HP PageWide Managed P55250 dw HP PageWide Pro MFP 577z HP PageWide Pro 552dw HP PageWide Pro MFP 577dw HP PageWide Pro MFP 477dw HP PageWide Pro 452dw HP PageWide Pro MFP 477dn HP PageWide Pro 452dn HP PageWide MFP 377dw HP PageWide 352dw HP OfficeJet Pro 8730 All-in-One Printer HP OfficeJet Pro 8740 All-in-One Printer HP OfficeJet Pro 8210 Printer HP OfficeJet Pro 8216 Printer HP OfficeJet Pro 8218 Printer

Recommendations:
Update to firmware version 1708D or above.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-2741

References:

https://support.hp.com/us-en/document/c05462914
https://www.exploit-db.com/exploits/42176/

Search
Severity
High
CVSS Score
10.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.