Details of VAR-201801-0229

ID

VAR-201801-0229

CVE

CVE-2017-2741

TITLE

HP PageWide Printer and OfficeJet Pro Access control vulnerability in printer firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-012233

DESCRIPTION

A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. HP PageWide Printer and OfficeJet Pro The printer firmware contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The HP Officejet 8500A is a print/copy/scan/fax MFP from HP

Trust: 2.52

sources: NVD: CVE-2017-2741 // JVNDB: JVNDB-2017-012233 // CNVD: CNVD-2017-13140 // BID: 102831 // VULMON: CVE-2017-2741

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-13140

AFFECTED PRODUCTS

vendor:	hp	model:	d3q20d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q20b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	k9z76d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q15d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j6u55b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d9l21a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q21d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v80b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	k9z76a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q21c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j6u57b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v82a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v80a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d9l63a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d9l64a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q20a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j6u55c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q17d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v82d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q20c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q15a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q17a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v82b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j9v82c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q19d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j6u55d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q16b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q17c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q21a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q15b	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j3p68a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d9l20a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q16a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q16c	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q19a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	d3q16d	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	t0g70a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hp	model:	j6u55a	scope:	lt	version:	1708d	Trust: 1.0
vendor:	hewlett packard	model:	d3q17a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	d9l20a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	j3p68a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	j6u55a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	j6u57b	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	j9v80a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	j9v82a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	k9z76a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hewlett packard	model:	t0g70a	scope:	lt	version:	1708d	Trust: 0.8
vendor:	hp	model:	officejet pro	scope:	eq	version:	8210	Trust: 0.6
vendor:	hp	model:	pagewide pro mfp 577z k9z76d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577z k9z76a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dn d3q19d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dn d3q19a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide mfp 377dw j9v80b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide mfp 377dw j9v80a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55b	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82d	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82c	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82a	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	pagewide 352dw j6u57b	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	officejet pro all-in-one printer d9l21a	scope:	eq	version:	87400	Trust: 0.3
vendor:	hp	model:	officejet pro all-in-one printer d9l20a	scope:	eq	version:	87300	Trust: 0.3
vendor:	hp	model:	officejet pro printer j3p68a	scope:	eq	version:	82180	Trust: 0.3
vendor:	hp	model:	officejet pro printer t0g70a	scope:	eq	version:	82160	Trust: 0.3
vendor:	hp	model:	officejet pro printer d9l64a	scope:	eq	version:	82100	Trust: 0.3
vendor:	hp	model:	officejet pro printer d9l63a	scope:	eq	version:	82100	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577z k9z76d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577z k9z76a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 577dw d3q21a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dw d3q20a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dn d3q19d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro mfp 477dn d3q19a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 552dw d3q17a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dw d3q16a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide pro 452dn d3q15a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide mfp 377dw j9v80b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide mfp 377dw j9v80a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed p55250dw j6u55b1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82d 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82c 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide managed mfp p57750dw j9v82a 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	pagewide 352dw j6u57b 1708d	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	officejet pro all-in-one printer d9l21a 1708d	scope:	ne	version:	8740	Trust: 0.3
vendor:	hp	model:	officejet pro all-in-one printer d9l20a 1708d	scope:	ne	version:	8730	Trust: 0.3
vendor:	hp	model:	officejet pro printer j3p68a 1708d	scope:	ne	version:	8218	Trust: 0.3
vendor:	hp	model:	officejet pro printer t0g70a 1708d	scope:	ne	version:	8216	Trust: 0.3
vendor:	hp	model:	officejet pro printer d9l64a 1708d	scope:	ne	version:	8210	Trust: 0.3
vendor:	hp	model:	officejet pro printer d9l63a 1708d	scope:	ne	version:	8210	Trust: 0.3

sources: CNVD: CNVD-2017-13140 // BID: 102831 // JVNDB: JVNDB-2017-012233 // NVD: CVE-2017-2741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2741
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-2741
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-13140
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-1020
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2017-2741
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2741
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-13140
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-2741
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-13140 // VULMON: CVE-2017-2741 // JVNDB: JVNDB-2017-012233 // CNNVD: CNNVD-201711-1020 // NVD: CVE-2017-2741

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2017-012233 // NVD: CVE-2017-2741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1020

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-1020

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012233

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2017-2741

PATCH

title:	HPSBPI03555	url:	https://support.hp.com/us-en/document/c05462914	Trust: 0.8
title:	Multiple HP Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76729	Trust: 0.6
title:	HP: HPSBPI03555 rev. 2 - HP PageWide Printers, HP OfficeJet Pro Printers, Arbitrary Code Execution	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03555	Trust: 0.1

sources: VULMON: CVE-2017-2741 // JVNDB: JVNDB-2017-012233 // CNNVD: CNNVD-201711-1020

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2741	Trust: 3.4
db:	EXPLOIT-DB	id:	42176	Trust: 2.3
db:	EXPLOIT-DB	id:	45273	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-012233	Trust: 0.8
db:	EXPLOITDB	id:	42176	Trust: 0.6
db:	CNVD	id:	CNVD-2017-13140	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-1020	Trust: 0.6
db:	BID	id:	102831	Trust: 0.4
db:	VULMON	id:	CVE-2017-2741	Trust: 0.1

sources: CNVD: CNVD-2017-13140 // VULMON: CVE-2017-2741 // BID: 102831 // JVNDB: JVNDB-2017-012233 // CNNVD: CNNVD-201711-1020 // NVD: CVE-2017-2741

REFERENCES

url:	https://www.exploit-db.com/exploits/42176/	Trust: 2.3
url:	https://support.hp.com/us-en/document/c05462914	Trust: 2.1
url:	https://www.exploit-db.com/exploits/45273/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2741	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2741	Trust: 0.8
url:	http://www.hp.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/modules/exploit/linux/misc/hp_jetdirect_path_traversal	Trust: 0.1
url:	https://www.securityfocus.com/bid/102831	Trust: 0.1

sources: CNVD: CNVD-2017-13140 // VULMON: CVE-2017-2741 // BID: 102831 // JVNDB: JVNDB-2017-012233 // CNNVD: CNNVD-201711-1020 // NVD: CVE-2017-2741

CREDITS

HP Product Security Response Team (PSRT)

Trust: 0.6

sources: CNNVD: CNNVD-201711-1020

SOURCES

db:	CNVD	id:	CNVD-2017-13140
db:	VULMON	id:	CVE-2017-2741
db:	BID	id:	102831
db:	JVNDB	id:	JVNDB-2017-012233
db:	CNNVD	id:	CNNVD-201711-1020
db:	NVD	id:	CVE-2017-2741

LAST UPDATE DATE

2024-11-23T23:02:18.090000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-13140	date:	2017-07-10T00:00:00
db:	VULMON	id:	CVE-2017-2741	date:	2019-10-03T00:00:00
db:	BID	id:	102831	date:	2017-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-012233	date:	2018-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201711-1020	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2741	date:	2024-11-21T03:24:05.587

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-13140	date:	2017-07-07T00:00:00
db:	VULMON	id:	CVE-2017-2741	date:	2018-01-23T00:00:00
db:	BID	id:	102831	date:	2017-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-012233	date:	2018-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201711-1020	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-2741	date:	2018-01-23T16:29:00.787