Vulnerability Description
A user with administrative privileges can create a compromised DLL file with the same name as the original DLL in the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory, which can lead to potential arbitrary code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | 26K70B Firmware | < 2349b |
| HP | 26K70B | - |
| HP | 297X1A Firmware | < 2349b |
| HP | 297X1A | - |
| HP | 2A9Q5A Firmware | < 2349b |
| HP | 2A9Q5A | - |
| HP | 26K72A Firmware | < 2349b |
| HP | 26K72A | - |
| HP | 26K69A Firmware | < 2349b |
| HP | 26K69A | - |
| HP | 26K70A Firmware | < 2349b |
| HP | 26K70A | - |
| HP | 26K71A Firmware | < 2349b |
| HP | 26K71A | - |
| HP | 26K68A Firmware | < 2349b |
| HP | 26K68A | - |
| HP | 26K67A Firmware | < 2349b |
| HP | 26K67A | - |
| HP | 3Xv19A Firmware | < 2349b |
| HP | 3Xv19A | - |
References
- https://support.hp.com/us-en/document/ish_10354903-10354932-16 (Vendor Advisory)
FAQ
What is CVE-2024-2209?
CVE-2024-2209 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A user with administrative privileges can create a compromised DLL file with the same name as the original DLL in the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft ...
How severe is CVE-2024-2209?
CVE-2024-2209 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-2209?
Check the references section above for vendor advisories and patch information. Affected products include: HP 26K70B Firmware, HP 26K70B, HP 297X1A Firmware, HP 297X1A, HP 2A9Q5A Firmware.