Vulnerability CVE-2017-2747


Published: 2018-01-23

Description:
HP has identified a potential security vulnerability in firmware before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

Type: CWE-255 (Credentials Management)

Vendor: HP
Product: 560 firmware, Version: storm_00_05_01.5
Product: 570 firmware, Version: storm_00_05_01.5
Product: 315 firmware, Version: nexus_03_12_00.14
Product: 335 firmware, Version: nexus_03_12_00.14
Product: 365 firmware, Version: nexus_03_12_00.14
Product: 375 firmware, Version: nexus_03_12_00.14
Product: 360 firmware, Version: nexus_01_12_00.10
Product: 370 firmware, Version: nexus_01_12_00.10
Product: 310 firmware, Version: nexus_01_12_00.10
Product: 330 firmware, Version: nexus_01_12_00.10
Product: 110 firmware, Version: nexus_00_04_53.8
Product: T1500 firmware, Version: mry_04_05_00.4
Product: T930 firmware, Version: mry_04_05_00.4
Product: T2530 firmware, Version: mry_04_05_00.4
Product: T1530 firmware, Version: mry_04_05_00.4
Product: T920 firmware, Version: mry_04_05_00.4
Product: T2500 firmware, Version: mry_04_05_00.4
Product: T795 firmware, Version: ig_11_00_00.09
Product: T2300 firmware, Version: ig_11_00_00.09
Product: T1300 firmware, Version: ig_11_00_00.09
Product: T790 firmware, Version: ig_11_00_00.09
Product: T3500 firmware, Version: aeneas_03_04_00.8

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
https://support.hp.com/us-en/document/c05624457

Related CVE
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5403
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5402
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5401
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). B...

Copyright 2019, cxsecurity.com
