CVE-2017-2747
moderate-risk
Published 2018-01-23
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
T790 Firmware
T795 Firmware
T1300 Firmware
T2300 Firmware
T920 Firmware
T930 Firmware
T1500 Firmware
T1530 Firmware
T2500 Firmware
T2530 Firmware
T3500 Firmware
110 Firmware
310 Firmware
330 Firmware
360 Firmware
370 Firmware
315 Firmware
335 Firmware
365 Firmware
375 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.hp.com/us-en/document/c05624457
Vendor Advisory
https://support.hp.com/us-en/document/c05624457
45
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
20/34 · Moderate