HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
BID:9971
Info
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
| Bugtraq ID: | 9971 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2004 12:00AM |
| Updated: | Mar 24 2004 12:00AM |
| Credit: | Discovery is credited to "wirepair" <[email protected]>. |
| Vulnerable: |
HP Web Jetadmin 7.5.2456 |
| Not Vulnerable: | |
Discussion
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server.
This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities, such as BID 9972 "HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".
Authentication, if it has been enabled, would be required to exploit this issue.
This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows platform. Other versions may be similarly affected.
HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server.
This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities, such as BID 9972 "HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".
Authentication, if it has been enabled, would be required to exploit this issue.
This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows platform. Other versions may be similarly affected.
Exploit / POC
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
This issue may be exploited with a web browser by accessing the firmware update script. The following example was provided:
https://www.example.com:8443/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
This issue may be exploited with a web browser by accessing the firmware update script. The following example was provided:
https://www.example.com:8443/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
Solution / Fix
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
References:
References:
- HP Web Jetadmin Homepage (HP)
- HP Web JetAdmin vulnerabilities. ("wirepair"