HP OfficeJet Pro and PageWide Pro PJL Interface Directory Traversal RCE

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a remote code execution
vulnerability.

Description :

The remote HP OfficeJet Pro or PageWide Pro printer is affected by an
unspecified flaw in the Printer Job Language (PJL) interface, within
various PJL and PostScript file handling functions, due to improper
sanitization of user-supplied input. An unauthenticated, remote
attacker can exploit this, via directory traversal, to write arbitrary
files, resulting in the execution of arbitrary code.

See also :

https://support.hp.com/lv-en/document/c05462914

Solution :

Apply the appropriate firmware update according to the vendor
advisory.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 7.8
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 100461 ()

Bugtraq ID:

CVE ID: CVE-2017-2741

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now