CVE-2017-2747

7.8HIGH

Key Information:

Vendor: HP
Status: HP Designjet Printers; HP Latex Printers
Vendor: CVE Published:; 23 January 2018

Summary

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

Affected Version(s)

HP Designjet printers; HP Latex printers fixed in IG_11_00_00.10, MRY_04_05_00.5, and AENEAS_03_04_00.9

HP Designjet printers; HP Latex printers NEXUS_01_12_00.11, NEXUS_03_12_00.15, and STORM_00_05_01.6

References

https://support.hp.com/us-en/document/c05624457

vendor-advisoryx_refsource_HP

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2018
Vulnerability Reserved
Dec 1, 2016