CVE-2017-2750 HP Printers Remote Code Execution Vulnerability

漏洞类别:Web server

漏洞等级:

漏洞信息

A Remote Code Execution vulnerability has been identified in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, and HP OfficeJet Enterprise printers. The vulnerability exists due to Insufficient DLL Signature Validation.

This vulnerability affects approximately 50 enterprise printers. Please refer to the advisory in the solution section for more information about products affected.

QID Detection Logic (unauthenticated):
This QID detects the vulnerable version of HP Printer via “hp/device/InternalPages/Index?id=ConfigurationPage” web page.

漏洞危害

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the printer.

解决方案

Customers are advised to refer to HP Security Bulletin-c05839270 for information pertaining to remediating this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

c05839270

Leave a Reply