Vulnerability CVE-2017-2747


Published: 2018-01-23

Description:
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

Type:

CWE-255

(Credentials Management)

Vendor: HP
Product: 560 firmware 
Version: storm_00_05_01.5;
Product: 570 firmware 
Version: storm_00_05_01.5;
Product: 315 firmware 
Version: nexus_03_12_00.14;
Product: 335 firmware 
Version: nexus_03_12_00.14;
Product: 365 firmware 
Version: nexus_03_12_00.14;
Product: 375 firmware 
Version: nexus_03_12_00.14;
Product: 360 firmware 
Version: nexus_01_12_00.10;
Product: 370 firmware 
Version: nexus_01_12_00.10;
Product: 310 firmware 
Version: nexus_01_12_00.10;
Product: 330 firmware 
Version: nexus_01_12_00.10;
Product: 110 firmware 
Version: nexus_00_04_53.8;
Product: T1500 firmware 
Version: mry_04_05_00.4;
Product: T930 firmware 
Version: mry_04_05_00.4;
Product: T2530 firmware 
Version: mry_04_05_00.4;
Product: T1530 firmware 
Version: mry_04_05_00.4;
Product: T920 firmware 
Version: mry_04_05_00.4;
Product: T2500 firmware 
Version: mry_04_05_00.4;
Product: T795 firmware 
Version: ig_11_00_00.09;
Product: T2300 firmware 
Version: ig_11_00_00.09;
Product: T1300 firmware 
Version: ig_11_00_00.09;
Product: T790 firmware 
Version: ig_11_00_00.09;
Product: T3500 firmware 
Version: aeneas_03_04_00.8;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://support.hp.com/us-en/document/c05624457

Related CVE
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
CVE-2018-5921
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow el...
CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in earl...
CVE-2018-9069
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVE-2018-7109
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

Copyright 2019, cxsecurity.com

 

Back to Top