CVE-2017-2747 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2017-2747?

CVE-2017-2747 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-2747?

Check the references section above for vendor advisories and patch information. Affected products include: Hp T790 Firmware, Hp T790, Hp T795 Firmware, Hp T795, Hp T1300 Firmware.

Vulnerability Description

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	T790 Firmware	<= ig_11_00_00.09
Hp	T790	-
Hp	T795 Firmware	<= ig_11_00_00.09
Hp	T795	-
Hp	T1300 Firmware	<= ig_11_00_00.09
Hp	T1300	-
Hp	T2300 Firmware	<= ig_11_00_00.09
Hp	T2300	-
Hp	T920 Firmware	<= mry_04_05_00.4
Hp	T920	-
Hp	T930 Firmware	<= mry_04_05_00.4
Hp	T930	-
Hp	T1500 Firmware	<= mry_04_05_00.4
Hp	T1500	-
Hp	T1530 Firmware	<= mry_04_05_00.4
Hp	T1530	-
Hp	T2500 Firmware	<= mry_04_05_00.4
Hp	T2500	-
Hp	T2530 Firmware	<= mry_04_05_00.4
Hp	T2530	-

References

https://support.hp.com/us-en/document/c05624457Vendor Advisory
https://support.hp.com/us-en/document/c05624457Vendor Advisory

FAQ

What is CVE-2017-2747?

CVE-2017-2747 is a vulnerability with a CVSS score of 7.8 (HIGH). HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AE...

How severe is CVE-2017-2747?

CVE-2017-2747 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2747?

Check the references section above for vendor advisories and patch information. Affected products include: Hp T790 Firmware, Hp T790, Hp T795 Firmware, Hp T795, Hp T1300 Firmware.