Insufficient DLL Signature Validation in HP LaserJet and PageWide Enterprise Printers
CVE-2017-2750

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Laserjet Enterprise Printers, HP Pagewide Enterprise Printers, HP Laserjet Managed Printers, HP Officejet Enterprise Printers
Vendor: CVE Published:; 23 January 2018

Summary

A vulnerability exists in multiple HP printer models that fails to validate the signatures of solution DLLs properly. This insufficiency can be exploited to execute arbitrary code, potentially allowing attackers to manipulate printer operations, compromise sensitive data, or gain unauthorized access to network resources. This issue affects HP LaserJet Enterprise, PageWide Enterprise, Managed, and OfficeJet Enterprise printers that have not received the latest firmware updates.

Affected Version(s)

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers 2308937_578479, 2405087_018548, and other firmware versions.

References

https://support.hp.com/us-en/document/c05839270

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/101965

vdb-entryx_refsource_BID

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2018
Vulnerability Reserved
Dec 1, 2016