Vulnerabilities > CVE-2018-5924 - Out-of-bounds Write vulnerability in HP products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
hp
CWE-787
critical
nessus

Summary

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

Vulnerable Configurations

Part Description Count
OS
Hp
270
Hardware
Hp
270

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idHP_PRINTERS_HPSBHF03589.NASL
descriptionThe firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device. Note that Nessus has not tested for these issues but has instead relied only on the self-reported version number of the device.
last seen2020-06-01
modified2020-06-02
plugin id111666
published2018-08-13
reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/111666
titleHP Ink Printers Multiple Vulnerabilities (HPSBHF03589)

The Hacker News

idTHN:2F395858FFE43BF6A13B6CD08DF6F996
last seen2018-08-14
modified2018-08-14
published2018-08-14
reporterThe Hacker News
sourcehttps://thehackernews.com/2018/08/hack-printer-fax-machine.html
titleHackers can compromise your network just by sending a Fax