CVE-2017-2750

critical-risk

Published 2018-01-23

Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.

Do I need to act?

14.0% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

L2683A Firmware

L2717A Firmware

L2762A Firmware

J7Z13A Firmware

Z5G79A Firmware

L3U42A Firmware

J7Z08A Firmware

J7Z14A Firmware

Z5G77A Firmware

J7Z03A Firmware

J7Z07A Firmware

J7Z05A Firmware

L3U43A Firmware

G1W41A Firmware

G1W41V Firmware

J7Z06A Firmware

G1W46A Firmware

G1W46V Firmware

G1W47V Firmware

L3U44A Firmware

Affected Vendors

References (4)

Third Party Advisory http://www.securityfocus.com/bid/101965

Mitigation https://support.hp.com/us-en/document/c05839270

Third Party Advisory http://www.securityfocus.com/bid/101965

Mitigation https://support.hp.com/us-en/document/c05839270

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 12/34 · Low

Exposure 33/34 · Critical