icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

HP Jet Admin 7.x Traversal Arbitrary Command Execution

Low

Synopsis

The remote host is vulnerable to a directory traversal flaw

Description

The remote host is an HP Web JetAdmin server. 7.X versions of this server are vulnerable to a directory traversal attack which can reveal the contents of arbitrary files, or be used to execute arbitrary commands.

Solution

Set a password for the JetAdmin and ensure that you are running the latest version of the Webserver software. In addition, the device supports IP-based Access Control Lists (ACLs) which can be used to restrict access to only valid administrators.