Vulnerability CVE-2018-5923


Published: 2019-03-27

Description:
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

Type: CWE-347 (Improper Verification of Cryptographic Signature)

Vendor: HP
Product: Color laserjet managed mfp e67550dh firmware 
Version: 2406087_000017;
Product: Color laserjet enterprise flow mfp m681f firmware 
Version: 2406087_000017;
Product: Color laserjet managed flow mfp e67560z firmware 
Version: 2406087_000017;
Product: Color laserjet enterprise mfp m682dh firmware 
Version: 2406087_000017;
Product: Color laserjet managed mfp e67560dh firmware 
Version: 2406087_000017;
Product: Color laserjet managed flow mfp e67550f firmware 
Version: 2406087_000017;
Product: Color laserjet enterprise mfp m681dh firmware 
Version: 2406087_000017;
Product: Color laserjet enterprise m653dn firmware 
Version: 2406087_000016;
Product: Color laserjet managed e65050dn firmware 
Version: 2406087_000016;
Product: Color laserjet enterprise m652n firmware 
Version: 2406087_000016;
Product: Laserjet enterprise m806 firmware 
Version: 2406048_029646;
Product: Laserjet enterprise mfp m725 firmware 
Version: 2406048_029644;
Product: Color laserjet managed e55040dw firmware 
Version: 2406048_029643;
Product: Officejet enterprise color x555xh firmware 
Version: 2406048_029642;
Product: Officejet enterprise color x555dn firmware 
Version: 2406048_029642;
Product: Laserjet enterprise 800 color mfp m880 firmware 
Version: 2406048_029641;
Product: Laserjet managed e50045dw firmware 
Version: 2406048_029640;
Product: Laserjet enterprise m609dh firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m607n firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m609x firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m608dn firmware 
Version: 2406048_029638;
Product: Laserjet managed e60065dn firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m608x firmware 
Version: 2406048_029638;
Product: Laserjet managed e60075dn firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m609dn firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m608dh firmware 
Version: 2406048_029638;
Product: Laserjet managed e60055dn firmware 
Version: 2406048_029638;
Product: Laserjet enterprise m608n firmware 
Version: 2406048_029638;
Product: Laserjet managed e60065x firmware 
Version: 2406048_029638;
Product: Pagewide enterprise color x556xh firmware 
Version: 2406048_029637;
Product: Pagewide enterprise color x556dn firmware 
Version: 2406048_029637;
Product: Pagewide managed color e55650dn firmware 
Version: 2406048_029637;
Product: Officejet enterprise color mfp x585 firmware 
Version: 2406048_029636;
Product: Officejet enterprise color flow mfp x585 firmware 
Version: 2406048_029636;
Product: Laserjet enterprise flow mfp m525c firmware 
Version: 2406048_029635;
Product: Laserjet enterprise 500 mfp m525f firmware 
Version: 2406048_029635;
Product: Laserjet enterprise 500 color mfp m575dn firmware 
Version: 2406048_029634;
Product: Laserjet enterprise color flow mfp m575c firmware 
Version: 2406048_029634;
Product: Color laserjet m680 firmware 
Version: 2406048_029633;
Product: Color laserjet enterprise m651 firmware 
Version: 2406048_029632;
Product: Laserjet enterprise mfp m630 firmware 
Version: 2406048_029631;
Product: Laserjet enterprise flow mfp m630z firmware 
Version: 2406048_029631;
Product: Laserjet managed flow mfp e62575z firmware 
Version: 2406048_029629;
Product: Laserjet enterprise mfp m631z firmware 
Version: 2406048_029629;
Product: Laserjet enterprise flow mfp m631h firmware 
Version: 2406048_029629;
Product: Laserjet managed flow mfp e62555dn firmware 
Version: 2406048_029629;
Product: Laserjet enterprise mfp m632h firmware 
Version: 2406048_029629;
Product: Laserjet managed mfp e62565hs firmware 
Version: 2406048_029629;
Product: Laserjet enterprise flow mfp m633z firmware 
Version: 2406048_029629;
Product: Laserjet managed flow mfp e62565z firmware 
Version: 2406048_029629;
Product: Laserjet enterprise mfp m631dn firmware 
Version: 2406048_029629;
Product: Laserjet managed flow mfp e52545c firmware 
Version: 2406048_029629;
Product: Laserjet enterprise mfp m632fht firmware 
Version: 2406048_029629;
Product: Laserjet managed mfp e62555dn firmware 
Version: 2406048_029629;
Product: Laserjet enterprise flow mfp m632z firmware 
Version: 2406048_029629;
Product: Laserjet managed flow mfp e62565h firmware 
Version: 2406048_029629;
Product: Laserjet enterprise mfp m633fh firmware 
Version: 2406048_029629;
Product: Laserjet managed e60075x firmware 
Version: 2406048_029628;
Product: Laserjet managed mfp e52545dn firmware 
Version: 2406048_029628;
Product: Laserjet enterprise mfp m527 firmware 
Version: 2406048_029628;
Product: Color laserjet managed flow mfp e57540dn firmware 
Version: 2406048_029627;
Product: Color laserjet enterprise mfp m577 firmware 
Version: 2406048_029627;
Product: Color laserjet managed flow mfp e57540c firmware 
Version: 2406048_029627;
Product: Scanjet enterprise flow n9120 document flatbed scanner firmware 
Version: 2406048_029625;
Product: Pagewide managed color flow mfp e58650z firmware 
Version: 2406048_029624;
Product: Pagewide enterprise color mfp 586dn firmware 
Version: 2406048_029624;
Product: Pagewide managed color mfp e58650dn firmware 
Version: 2406048_029624;
Product: Pagewide enterprise color flow mfp 586z firmware 
Version: 2406048_029624;
Product: Pagewide enterprise color mfp 586f firmware 
Version: 2406048_029624;
Product: Digital sender flow 8500 fn2 document capture workstation firmware 
Version: 2406048_029623;
Product: Pagewide managed color flow mfp e77660zs firmware 
Version: 2406048_029621;
Product: Pagewide enterprise color mpf 785zs firmware 
Version: 2406048_029621;
Product: Laserjet enterprise 800 color m855 firmware 
Version: 2406048_029621;
Product: Pagewide managed color flow mfp e77650zs firmware 
Version: 2406048_029621;
Product: Pagewide enterprise color mpf 780dn firmware 
Version: 2406048_029621;
Product: Pagewide managed color mfp e77650dns firmware 
Version: 2406048_029621;
Product: Pagewide managed color flow mfp e77660z firmware 
Version: 2406048_029621;
Product: Pagewide enterprise color mpf 785f firmware 
Version: 2406048_029621;
Product: Pagewide managed color flow mfp e77660zts firmware 
Version: 2406048_029621;
Product: Pagewide managed color flow mfp e77650z firmware 
Version: 2406048_029621;
Product: Pagewide managed color mfp e77650dn firmware 
Version: 2406048_029621;
Product: Pagewide managed color flow mfp e77660dn firmware 
Version: 2406048_029621;
Product: Pagewide enterprise color mpf 780f firmware 
Version: 2406048_029621;
Product: Pagewide managed color e75160dn firmware 
Version: 2406048_029619;
Product: Pagewide enterprise color 765dn firmware 
Version: 2406048_029619;
Product: Laserjet managed mfp e82560dn firmware 
Version: 2406048_029617;
Product: Laserjet managed flow mfp e82550 firmware 
Version: 2406048_029617;
Product: Laserjet managed mfp e82550 firmware 
Version: 2406048_029617;
Product: Laserjet managed flow mfp e82540 firmware 
Version: 2406048_029617;
Product: Laserjet managed flow mfp e82560z firmware 
Version: 2406048_029617;
Product: Laserjet managed mfp e82540 firmware 
Version: 2406048_029617;
Product: Color laserjet managed flow mfp e77830z firmware 
Version: 2406048_029616;
Product: Color laserjet managed mfp e77822 firmware 
Version: 2406048_029616;
Product: Color laserjet managed mfp e77830dn firmware 
Version: 2406048_029616;
Product: Color laserjet managed flow mfp e77825 firmware 
Version: 2406048_029616;
Product: Color laserjet managed mfp e77825 firmware 
Version: 2406048_029616;
Product: Color laserjet managed flow mfp e77822 firmware 
Version: 2406048_029616;
Product: Color laserjet managed mfp e87640 firmware 
Version: 2406048_029615;
Product: Color laserjet managed mfp e87650 firmware 
Version: 2406048_029615;
Product: Color laserjet managed flow mfp e87640 firmware 
Version: 2406048_029615;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://support.hp.com/us-en/document/c06169434

Related CVE
CVE-2019-18909
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
CVE-2019-18910
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
CVE-2019-16287
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed comma...
CVE-2019-16285
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-6333
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touc...
CVE-2019-11656
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-11655
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.

Copyright 2019, cxsecurity.com

 
