HP Jet Admin 7.x Traversal Arbitrary Command Execution
Low Nessus Network Monitor Plugin ID 1211
SynopsisThe remote host is vulnerable to a directory traversal flaw
DescriptionThe remote host is an HP Web JetAdmin server. 7.X versions of this server are vulnerable to a directory traversal attack which can reveal the contents of arbitrary files, or be used to execute arbitrary commands.
SolutionSet a password for the JetAdmin and ensure that you are running the latest version of the Webserver software. In addition, the device supports IP-based Access Control Lists (ACLs) which can be used to restrict access to only valid administrators.