ID CVE-2017-2741
Summary A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:h:hp:j9v82a
  • cpe:2.3:h:hp:j9v82b
  • cpe:2.3:h:hp:j9v82c
  • cpe:2.3:h:hp:j9v82d
  • cpe:2.3:h:hp:j6u55a
  • cpe:2.3:h:hp:j6u55b
  • cpe:2.3:h:hp:j6u55c
  • cpe:2.3:h:hp:j6u55d
  • cpe:2.3:h:hp:k9z76a
  • cpe:2.3:h:hp:k9z76d
  • cpe:2.3:h:hp:d3q17a
  • cpe:2.3:h:hp:d3q17c
  • cpe:2.3:h:hp:d3q17d
  • cpe:2.3:h:hp:d3q21a
  • cpe:2.3:h:hp:d3q21c
  • cpe:2.3:h:hp:d3q21d
  • cpe:2.3:h:hp:d3q20a
  • cpe:2.3:h:hp:d3q20b
  • cpe:2.3:h:hp:d3q20c
  • cpe:2.3:h:hp:d3q20d
  • cpe:2.3:h:hp:d3q16a
  • cpe:2.3:h:hp:d3q16b
  • cpe:2.3:h:hp:d3q16c
  • cpe:2.3:h:hp:d3q16d
  • cpe:2.3:h:hp:d3q19a
  • cpe:2.3:h:hp:d3q19d
  • cpe:2.3:h:hp:d3q15a
  • cpe:2.3:h:hp:d3q15b
  • cpe:2.3:h:hp:d3q15d
  • cpe:2.3:h:hp:j9v80a
  • cpe:2.3:h:hp:j9v80b
  • cpe:2.3:h:hp:j6u57b
  • cpe:2.3:h:hp:d9l20a
  • cpe:2.3:h:hp:d9l21a
  • cpe:2.3:h:hp:d9l63a
  • cpe:2.3:h:hp:d9l64a
  • cpe:2.3:h:hp:t0g70a
  • cpe:2.3:h:hp:j3p68a
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to run his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into a script that is likely to be executed. If this is done, the attacker can potentially launch a variety of probes and attacks against the web server's local environment (in many cases the so-called DMZ), back-end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client-side scripts like Ajax and client-side JavaScript can contain malicious scripts as well. In general, all that is required is sufficient privileges to execute a script that is not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
exploit-db via4
  • description HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution. CVE-2017-2741. Remote exploit for Hardware platform
    file exploits/hardware/remote/42176.py
    id EDB-ID:42176
    last seen 2017-06-15
    modified 2017-06-14
    platform hardware
    port 9100
    published 2017-06-14
    reporter Exploit-DB
    source https://www.exploit-db.com/download/42176/
    title HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution
    type remote
  • description HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit). CVE-2017-2741. Remote exploit for Unix platform. Tags: Metasploit Framework (MSF), Remote
    file exploits/unix/remote/45273.rb
    id EDB-ID:45273
    last seen 2018-10-07
    modified 2018-08-27
    platform unix
    port
    published 2018-08-27
    reporter Exploit-DB
    source https://www.exploit-db.com/download/45273/
    title HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
    type remote
metasploit via4
description The module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script that is loaded on startup to /etc/profile.d. Then, the printer is restarted using SNMP. Impacted printers:
  • HP PageWide Managed MFP P57750dw
  • HP PageWide Managed P55250dw
  • HP PageWide Pro MFP 577z
  • HP PageWide Pro 552dw
  • HP PageWide Pro MFP 577dw
  • HP PageWide Pro MFP 477dw
  • HP PageWide Pro 452dw
  • HP PageWide Pro MFP 477dn
  • HP PageWide Pro 452dn
  • HP PageWide MFP 377dw
  • HP PageWide 352dw
  • HP OfficeJet Pro 8730 All-in-One Printer
  • HP OfficeJet Pro 8740 All-in-One Printer
  • HP OfficeJet Pro 8210 Printer
  • HP OfficeJet Pro 8216 Printer
  • HP OfficeJet Pro 8218 Printer
Please read the module documentation regarding the possibility for leaving an unauthenticated telnetd service running as a side effect of this exploit.
id MSF:EXPLOIT/LINUX/MISC/HP_JETDIRECT_PATH_TRAVERSAL
last seen 2019-03-23
modified 2018-08-23
published 2017-12-29
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hp_jetdirect_path_traversal.rb
title HP Jetdirect Path Traversal Arbitrary Code Execution
nessus via4
NASL family General
NASL id HP_PRINTER_RCE.NASL
description The remote HP OfficeJet Pro or PageWide Pro printer is affected by an unspecified flaw in the Printer Job Language (PJL) interface, within various PJL and PostScript file handling functions, due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via directory traversal, to write arbitrary files, resulting in the execution of arbitrary code.
last seen 2019-02-21
modified 2018-08-24
plugin id 100461
published 2017-05-26
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=100461
title HP OfficeJet Pro and PageWide Pro PJL Interface Directory Traversal RCE
packetstorm via4
refmap via4
hp HPSBPI03555
Last major update 23-01-2018 - 11:29
Published 23-01-2018 - 11:29
Last modified 29-08-2018 - 06:29