Lucene search

[email protected]CVE-2017-2747

HistoryJan 23, 2018 - 4:29 p.m.

CVE-2017-2747

2018-01-2316:29:01

[email protected]

web.nvd.nist.gov

security vulnerability

designjet

latex printers

firmware

smtp server

credential exposure

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

Affected configurations

NVD

Node

hpt790_firmwareRange≤ig_11_00_00.09

AND

hpt790Match-

Node

hpt795_firmwareRange≤ig_11_00_00.09

AND

hpt795Match-

Node

hpt1300_firmwareRange≤ig_11_00_00.09

AND

hpt1300Match-

Node

hpt2300_firmwareRange≤ig_11_00_00.09

AND

hpt2300Match-

Node

hpt920_firmwareRange≤mry_04_05_00.4

AND

hpt920Match-

Node

hpt930_firmwareRange≤mry_04_05_00.4

AND

hpt930Match-

Node

hpt1500_firmwareRange≤mry_04_05_00.4

AND

hpt1500Match-

Node

hpt1530_firmwareRange≤mry_04_05_00.4

AND

hpt1530Match-

Node

hpt2500_firmwareRange≤mry_04_05_00.4

AND

hpt2500Match-

Node

hpt2530_firmwareRange≤mry_04_05_00.4

AND

hpt2530Match-

Node

hpt3500_firmwareRange≤aeneas_03_04_00.8

AND

hpt3500Match-

Node

hp110_firmwareRange≤nexus_00_04_53.8

AND

hp110Match-

Node

hp310_firmwareRange≤nexus_01_12_00.10

AND

hp310Match-

Node

hp330_firmwareRange≤nexus_01_12_00.10

AND

hp330Match-

Node

hp360_firmwareRange≤nexus_01_12_00.10

AND

hp360Match-

Node

hp370_firmwareRange≤nexus_01_12_00.10

AND

hp370Match-

Node

hp315_firmwareRange≤nexus_03_12_00.14

AND

hp315Match-

Node

hp335_firmwareRange≤nexus_03_12_00.14

AND

hp335Match-

Node

hp365_firmwareRange≤nexus_03_12_00.14

AND

hp365Match-

Node

hp375_firmwareRange≤nexus_03_12_00.14

AND

hp375Match-

Node

hp560_firmwareRange≤storm_00_05_01.5

AND

hp560Match-

Node

hp570_firmwareRange≤storm_00_05_01.5

AND

hp570Match-

CPENameOperatorVersion
hp:t790_firmwarehp t790 firmwareleig_11_00_00.09

CPE	Name	Operator	Version
hp:t790_firmware	hp t790 firmware	le	ig_11_00_00.09

CNA Affected

[
  {
    "product": "HP Designjet printers; HP Latex printers",
    "vendor": "HP Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "fixed in IG_11_00_00.10, MRY_04_05_00.5, and AENEAS_03_04_00.9"
      },
      {
        "status": "affected",
        "version": "NEXUS_01_12_00.11, NEXUS_03_12_00.15, and STORM_00_05_01.6"
      }
    ]
  }
]

References

support.hp.com/us-en/document/c05624457

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-2747

openvas1 nvd1 cvelist1 prion1