HP OfficeJet Pro and PageWide Pro PJL Interface Directory Traversal RCE
High Nessus Plugin ID 100461
SynopsisThe remote device is affected by a remote code execution vulnerability.
DescriptionThe remote HP OfficeJet Pro or PageWide Pro printer is affected by an unspecified flaw in the Printer Job Language (PJL) interface, within various PJL and PostScript file handling functions, due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via directory traversal, to write arbitrary files, resulting in the execution of arbitrary code.
SolutionApply the appropriate firmware update according to the vendor advisory.