HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6113

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting HP Managed Printing Administration, a printer management application.

Versions of HP Managed Printing Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities :

Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. (CVE-2011-4166)

- An extended length string can be passed into scripts within the management website and ultimately to MPAUploader.dll which could be exploited to execute arbitrary code. (CVE-2011-4167)

- Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remote create arbitrary files. (CVE-2011-4168)

Solution

Upgrade to HP Managed Printing Administration 2.6.4 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-11-352

http://www.zerodayinitiative.com/advisories/ZDI-11-353

http://www.zerodayinitiative.com/advisories/ZDI-11-354

Plugin Details

Severity: High

ID: 6113

Family: CGI

Published: 2011/12/27

Modified: 2016/02/05

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.6

Temporal Score: 7.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2011/12/22

Vulnerability Publication Date: 2011/12/22

Exploitable With

Metasploit (HP Managed Printing Administration jobAcct Remote Command Execution)

Reference Information

CVE: CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169

BID: 51174