HP Printers Insufficient DLL Signature Validation

Published: 2018-01-26 13:20:42

CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
Multiple HP Printers perform insufficient Solution DLL Signature Validation, allowing for potential execution of arbitrary code.

Detection Method:
The script checks if the target host is a vulnerable device running a vulnerable firmware version.

Impact:
Successful exploitation could allow an attacker to gain complete control over the target host.

Affected Versions:
HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed and HP OfficeJet Enterprise printers. Please see the referenced vendor advisory for a full list of affected printers/models and firmware versions.

Recommendations:
The vendor has released firmware updates. Please see the referenced vendor advisory for more information.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-2750

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/101965

References:

https://support.hp.com/us-en/document/c05839270

Severity

High

CVSS Score

7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.

Vulnerabilities

Categories

CVE Database

Documentation

To perform a search, type a word and hit enter. Some suggestions are:

HP Printers Insufficient DLL Signature Validation

Published: 2018-01-26 13:20:42

CVE Author: NIST National Vulnerability Database (NVD)

You never have to pay for a vulnerability scanning and management software again.