Critical Alert: A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution (CVE-2017-2741)
by CIRT Team
Description: A vulnerability has been discovered in HP products, which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: This vulnerability could potentially be exploited to execute arbitrary code.
Systems affected:
- HP PageWide Managed MFP P57750dw, J9V82A, J9V82B, J9V82C, J9V82D firmware versions prior to 1708D
- HP PageWide Managed P55250dw J6U55A, J6U55B, J6U55C, J6U55D firmware versions prior to 1708D
- HP PageWide Pro MFP 577z K9Z76A, K9Z76D firmware versions prior to 1708D
- HP PageWide Pro 552dw D3Q17A, D3Q17C, D3Q17D firmware versions prior to 1708D
- HP PageWide Pro MFP 577dw D3Q21A, D3Q21C, D3Q21D firmware versions prior to 1708D
- HP PageWide Pro MFP 477dw D3Q20A, D3Q20B, D3Q20C, D3Q20D firmware versions prior to 1708D
- HP PageWide Pro 452dw D3Q16A, D3Q16B, D3Q16C, D3Q16D firmware versions prior to 1708D
- HP PageWide Pro MFP 477dn D3Q19A, D3Q19D firmware versions prior to 1708D
- HP PageWide Pro 452dn D3Q15A, D3Q15B, D3Q15D firmware versions prior to 1708D
- HP PageWide MFP 377dw J9V80A, J9V80B firmware versions prior to 1708D
- HP PageWide 352dw J6U57B firmware versions prior to 1708D
- HP OfficeJet Pro 8730 All-in-One Printer D9L20A firmware versions prior to 1708D
- HP OfficeJet Pro 8740 All-in-One Printer D9L21A firmware versions prior to 1708D
- HP OfficeJet Pro 8210 Printer D9L63A, D9L64A firmware versions prior to 1708D
- HP OfficeJet Pro 8216 Printer T0G70A firmware versions prior to 1708D
- HP OfficeJet Pro 8218 Printer J3P68A firmware versions prior to 1708D
Mitigation: HP has provided firmware updates for impacted printers. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.
Reference URLs:
- https://support.hp.com/us-en/document/c05462914
- https://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution
- https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2741