Vulnerability CVE-2018-5924


Published: 2018-08-13

Description:
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: HP
Product: K7s42a firmware 
Version: 1832a;
Product: G0v47 firmware 
Version: 1831a;
Product: K7c84 firmware 
Version: 1831a;
Product: D4j85b firmware 
Version: 1831a;
Product: G0450 firmware 
Version: 1831a;
Product: Cz282a firmware 
Version: 1831a;
Product: G0v48b firmware 
Version: 1831a;
Product: M2u76 firmware 
Version: 1831a;
Product: F8b04a firmware 
Version: 1830b;
Product: F8b06a firmware 
Version: 1830b;
Product: K7g86 firmware 
Version: 1830b;
Product: F8b05a firmware 
Version: 1830b;
Product: B9s56a firmware 
Version: 1830b;
Product: B9s58a firmware 
Version: 1830b;
Product: F8b13a firmware 
Version: 1830b;
Product: F5s00 firmware 
Version: 1830a;
Product: K9v76 firmware 
Version: 1830a;
Product: T0f29a firmware 
Version: 1830a;
Product: Y0s18a firmware 
Version: 1830a;
Product: F1h96 firmware 
Version: 1830a;
Product: B4l08a firmware 
Version: 1830a;
Product: D4h25a firmware 
Version: 1830a;
Product: Cz025a firmware 
Version: 1830a;
Product: F1j00 firmware 
Version: 1830a;
Product: F8b12a firmware 
Version: 1830a;
Product: F5r96a firmware 
Version: 1830a;
Product: B9s76 firmware 
Version: 1830a;
Product: B4l03 firmware 
Version: 1830a;
Product: T8w35a firmware 
Version: 1830a;
Product: Cz294a firmware 
Version: 1830a;
Product: Cz284a firmware 
Version: 1830a;
Product: Z4b12 firmware 
Version: 1830a;
Product: D4j74 firmware 
Version: 1830a;
Product: F8b09 firmware 
Version: 1830a;
Product: Cz045a firmware 
Version: 1830a;
Product: F5r95 firmware 
Version: 1830a;
Product: F9d36 firmware 
Version: 1830a;
Product: E4w43 firmware 
Version: 1829d;
Product: K7g18a firmware 
Version: 1829d;
Product: Cn460a firmware 
Version: 1829b;
Product: Cq893ar firmware 
Version: 1829b;
Product: Cq891a firmware 
Version: 1829b;
Product: Cq890ar firmware 
Version: 1829b;
Product: Cn463a firmware 
Version: 1829b;
Product: Cq893c firmware 
Version: 1829b;
Product: Cq891b firmware 
Version: 1829b;
Product: Cq890c firmware 
Version: 1829b;
Product: Cn459a firmware 
Version: 1829b;
Product: Cq893a firmware 
Version: 1829b;
Product: Cq890e firmware 
Version: 1829b;
Product: Cq890a firmware 
Version: 1829b;
Product: Cn598a firmware 
Version: 1829b;
Product: Cn461a firmware 
Version: 1829b;
Product: Cq893b firmware 
Version: 1829b;
Product: Cq891ar firmware 
Version: 1829b;
Product: Cq890b firmware 
Version: 1829b;
Product: Cq176a firmware 
Version: 1829b;
Product: Cv037a firmware 
Version: 1829b;
Product: Cq893e firmware 
Version: 1829b;
Product: Cq891c firmware 
Version: 1829b;
Product: Cq890d firmware 
Version: 1829b;
Product: Cq761a firmware 
Version: 1829b;
Product: Y5z00a firmware 
Version: 1829a;
Product: Cr769a firmware 
Version: 1829a;
Product: K7v42c firmware 
Version: 1829a;
Product: N9m07a firmware 
Version: 1829a;
Product: K4t99b firmware 
Version: 1829a;
Product: F9a28b firmware 
Version: 1829a;
Product: Cz283a firmware 
Version: 1829a;
Product: F5s57a firmware 
Version: 1829a;
Product: 1jl02b firmware 
Version: 1829a;
Product: Cm750a firmware 
Version: 1829a;
Product: B9s57c firmware 
Version: 1829a;
Product: F9a29b firmware 
Version: 1829a;
Product: T5d67a firmware 
Version: 1829a;
Product: Cz152a firmware 
Version: 1829a;
Product: F5s65a firmware 
Version: 1829a;
Product: Cv136a firmware 
Version: 1829a;
Product: Cr768a firmware 
Version: 1829a;
Product: X3b09a firmware 
Version: 1829a;
Product: K7v35 firmware 
Version: 1829a;
Product: F9a28a firmware 
Version: 1829a;
Product: M2q28a firmware 
Version: 1829a;
Product: F5s43 firmware 
Version: 1829a;
Product: 1jl02a firmware 
Version: 1829a;
Product: Cr771a firmware 
Version: 1829a;
Product: Cm749a firmware 
Version: 1829a;
Product: P0r21a firmware 
Version: 1829a;
Product: K4u04b firmware 
Version: 1829a;
Product: F9a29a firmware 
Version: 1829a;
Product: T5d66a firmware 
Version: 1829a;
Product: F5s60a firmware 
Version: 1829a;
Product: Cn216a firmware 
Version: 1829a;
Product: T0a23a firmware 
Version: 1829a;
Product: J3p68a firmware 
Version: 1829a;
Product: Cx017a firmware 
Version: 1828b;
Product: G3j47a firmware 
Version: 1828b;
Product: A7f66a firmware 
Version: 1828b;
Product: G0v48c firmware 
Version: 1828b;
Product: D3a78b firmware 
Version: 1828b;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/105010
http://www.securitytracker.com/id/1041415
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
https://support.hp.com/us-en/document/c06097712

Related CVE
CVE-2019-11986
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11985
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11984
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11983
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11982
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11980
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11979
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11978
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Copyright 2019, cxsecurity.com

 

Back to Top