Lucene search
NTT SecurityHP:C05839270HistoryNov 17, 2017 - 12:00 a.m.
HPSBPI03569 rev 4 - HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers, Execution of arbitrary code
2017-11-1700:00:00
NTT Security
support.hp.com
33
EPSS
0.004
Percentile
74.7%
Potential Security Impact
Execution of arbitrary code
Source: NTT Security
Reported By: Stephen Breen
VULNERABILITY SUMMARY
Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code.
RESOLUTION
Available Mitigation Settings:
The vulnerability can be avoided by either of the following actions:
- Set the Local Administrator password for the Embedded Web Server (EWS).
Open the printer EWS, click the Security tab, then locate the Local Administrator Password section.
- Disable Allow firmware upgrades sent as print jobs (Port 9100) setting.
Open the printer EWS, click the Security tab, then locate the Firmware Upgrade Security section.
These recommendations are documented in HP Printing Security Best Practices for HP LaserJet Enterprise Printers.
-
See page 35 for EWS administrator password configuration.
-
See page 37 for Allow firmware upgrades sent as print jobs configuration.
Related
nessus
nessus
HP OfficeJet Printers RCE (HPSBPI03569)
2017-11-28 00:00:00
HP LaserJet Printers RCE (HPSBPI03569)
2017-11-28 00:00:00
openvas
openvas
HP Printers DLL Signature Validation Vulnerability (Jan 2018)
2018-01-26 00:00:00
HP Printers RCE Vulnerability (CVE-2017-2750)
2017-11-23 00:00:00
cve
cve
CVE-2017-2750
2018-01-23 16:29:01
thn
thn
Remotely Exploitable Flaw Found In HP Enterprise PrintersโPatch Now
2017-11-22 21:26:00
threatpost
threatpost
HP to Patch RCE Bug Impacting 50 Enterprise Printer Models
2017-11-22 13:22:24
prion
prion
Authorization
2018-01-23 16:29:00
cvelist
cvelist
CVE-2017-2750
2018-01-23 16:00:00
nvd
nvd
CVE-2017-2750
2018-01-23 16:29:01