CVE-2017-2741

critical-risk

Published 2018-01-23

A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.

Do I need to act?

87.6% chance of exploitation in next 30 days

EPSS score — higher than 12% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

2 public exploits available

42176, 45273

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

J9V82A Firmware

J9V82B Firmware

J9V82C Firmware

J9V82D Firmware

J6U55A Firmware

J6U55B Firmware

J6U55C Firmware

J6U55D Firmware

K9Z76A Firmware

K9Z76D Firmware

D3Q17A Firmware

D3Q17C Firmware

D3Q17D Firmware

D3Q21A Firmware

D3Q21C Firmware

D3Q21D Firmware

D3Q20A Firmware

D3Q20B Firmware

D3Q20C Firmware

D3Q20D Firmware

Affected Vendors

References (6)

Vendor Advisory https://support.hp.com/us-en/document/c05462914

Third Party Advisory https://www.exploit-db.com/exploits/42176/

https://www.exploit-db.com/exploits/45273/

Vendor Advisory https://support.hp.com/us-en/document/c05462914

Third Party Advisory https://www.exploit-db.com/exploits/42176/

https://www.exploit-db.com/exploits/45273/

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 24/34 · High