Vulnerability CVE-2018-5925


Published: 2018-08-13

Description:
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: HP
Product: K7s42a firmware 
Version: 1832a;
Product: G0v47 firmware 
Version: 1831a;
Product: K7c84 firmware 
Version: 1831a;
Product: D4j85b firmware 
Version: 1831a;
Product: G0450 firmware 
Version: 1831a;
Product: Cz282a firmware 
Version: 1831a;
Product: G0v48b firmware 
Version: 1831a;
Product: M2u76 firmware 
Version: 1831a;
Product: F8b04a firmware 
Version: 1830b;
Product: F8b06a firmware 
Version: 1830b;
Product: K7g86 firmware 
Version: 1830b;
Product: F8b05a firmware 
Version: 1830b;
Product: B9s56a firmware 
Version: 1830b;
Product: B9s58a firmware 
Version: 1830b;
Product: F8b13a firmware 
Version: 1830b;
Product: F5s00 firmware 
Version: 1830a;
Product: K9v76 firmware 
Version: 1830a;
Product: F1h96 firmware 
Version: 1830a;
Product: T0f29a firmware 
Version: 1830a;
Product: Y0s18a firmware 
Version: 1830a;
Product: B4l08a firmware 
Version: 1830a;
Product: D4h25a firmware 
Version: 1830a;
Product: Cz025a firmware 
Version: 1830a;
Product: F1j00 firmware 
Version: 1830a;
Product: F8b12a firmware 
Version: 1830a;
Product: F5r96a firmware 
Version: 1830a;
Product: B9s76 firmware 
Version: 1830a;
Product: B4l03 firmware 
Version: 1830a;
Product: T8w35a firmware 
Version: 1830a;
Product: Cz294a firmware 
Version: 1830a;
Product: F8b09 firmware 
Version: 1830a;
Product: Cz284a firmware 
Version: 1830a;
Product: Z4b12 firmware 
Version: 1830a;
Product: D4j74 firmware 
Version: 1830a;
Product: Cz045a firmware 
Version: 1830a;
Product: F5r95 firmware 
Version: 1830a;
Product: F9d36 firmware 
Version: 1830a;
Product: E4w43 firmware 
Version: 1829d;
Product: K7g18a firmware 
Version: 1829d;
Product: Cn460a firmware 
Version: 1829b;
Product: Cq893ar firmware 
Version: 1829b;
Product: Cq891a firmware 
Version: 1829b;
Product: Cq890ar firmware 
Version: 1829b;
Product: Cn463a firmware 
Version: 1829b;
Product: Cq893c firmware 
Version: 1829b;
Product: Cq891b firmware 
Version: 1829b;
Product: Cq890c firmware 
Version: 1829b;
Product: Cn459a firmware 
Version: 1829b;
Product: Cq893a firmware 
Version: 1829b;
Product: Cq890e firmware 
Version: 1829b;
Product: Cq890a firmware 
Version: 1829b;
Product: Cn598a firmware 
Version: 1829b;
Product: Cn461a firmware 
Version: 1829b;
Product: Cq893b firmware 
Version: 1829b;
Product: Cq891ar firmware 
Version: 1829b;
Product: Cq890b firmware 
Version: 1829b;
Product: Cq176a firmware 
Version: 1829b;
Product: Cv037a firmware 
Version: 1829b;
Product: Cq893e firmware 
Version: 1829b;
Product: Cq891c firmware 
Version: 1829b;
Product: Cq890d firmware 
Version: 1829b;
Product: Cq761a firmware 
Version: 1829b;
Product: Y5z00a firmware 
Version: 1829a;
Product: K7v42c firmware 
Version: 1829a;
Product: Cr769a firmware 
Version: 1829a;
Product: N9m07a firmware 
Version: 1829a;
Product: K4t99b firmware 
Version: 1829a;
Product: F9a28b firmware 
Version: 1829a;
Product: Cz283a firmware 
Version: 1829a;
Product: F5s57a firmware 
Version: 1829a;
Product: 1jl02b firmware 
Version: 1829a;
Product: Cm750a firmware 
Version: 1829a;
Product: B9s57c firmware 
Version: 1829a;
Product: F9a29b firmware 
Version: 1829a;
Product: T5d67a firmware 
Version: 1829a;
Product: F5s65a firmware 
Version: 1829a;
Product: Cz152a firmware 
Version: 1829a;
Product: Cv136a firmware 
Version: 1829a;
Product: K7v35 firmware 
Version: 1829a;
Product: Cr768a firmware 
Version: 1829a;
Product: X3b09a firmware 
Version: 1829a;
Product: F9a28a firmware 
Version: 1829a;
Product: M2q28a firmware 
Version: 1829a;
Product: F5s43 firmware 
Version: 1829a;
Product: 1jl02a firmware 
Version: 1829a;
Product: Cm749a firmware 
Version: 1829a;
Product: Cr771a firmware 
Version: 1829a;
Product: P0r21a firmware 
Version: 1829a;
Product: K4u04b firmware 
Version: 1829a;
Product: F9a29a firmware 
Version: 1829a;
Product: T5d66a firmware 
Version: 1829a;
Product: F5s60a firmware 
Version: 1829a;
Product: Cn216a firmware 
Version: 1829a;
Product: J3p68a firmware 
Version: 1829a;
Product: T0a23a firmware 
Version: 1829a;
Product: Cx017a firmware 
Version: 1828b;
Product: G3j47a firmware 
Version: 1828b;
Product: A7f66a firmware 
Version: 1828b;
Product: G0v48c firmware 
Version: 1828b;
Product: A9j41 firmware 
Version: 1828b;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/105010
http://www.securitytracker.com/id/1041415
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
https://support.hp.com/us-en/document/c06097712

Related CVE
CVE-2019-6333
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touc...
CVE-2019-11656
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-11655
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Copyright 2019, cxsecurity.com

 

Back to Top