Vulnerability-Lookup

CNVD-2018-04191

Vulnerability from cnvd - Published: 2018-03-02

Title

多款HP产品SMTP凭证漏洞

Description

HP DesignJet T790等都是美国惠普（HP）公司的打印机设备。多款HP产品中存在SMTP凭证漏洞。攻击者可利用该漏洞获取SMTP服务器的证书。

Severity

低

Patch Name

多款HP产品SMTP凭证漏洞的补丁

Patch Description

HP DesignJet T790等都是美国惠普（HP）公司的打印机设备。多款HP产品中存在SMTP凭证漏洞。攻击者可利用该漏洞获取SMTP服务器的证书。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hp.com/us-en/document/c05624457

Reference

https://support.hp.com/us-en/document/c05624457

Impacted products

Name
['HP Latex 310 <NEXUS_01_12_00.11', 'HP Latex 330 <NEXUS_01_12_00.11', 'HP Latex 360 <NEXUS_01_12_00.11', 'HP Latex 370 <NEXUS_01_12_00.11', 'HP Latex 315 <NEXUS_03_12_00.15', 'HP Latex 335 <NEXUS_03_12_00.15', 'HP Latex 365 <NEXUS_03_12_00.15', 'HP Latex 375 <NEXUS_03_12_00.15', 'HP Latex 570 <STORM_00_05_01.6', 'HP Latex 560 <STORM_00_05_01.6', 'HP Latex 110', 'HP DesignJet T3500 <AENEAS_03_04_00.9', 'HP DesignJet T790 <IG_11_00_00.10', 'HP DesignJet T795 <IG_11_00_00.10', 'HP DesignJet T1300 <IG_11_00_00.10', 'HP DesignJet T2300 <IG_11_00_00.10', 'HP DesignJet T920 <MRY_04_05_00.5', 'HP DesignJet T930 <MRY_04_05_00.5', 'HP DesignJet T1500 <MRY_04_05_00.5', 'HP DesignJet T1530 <MRY_04_05_00.5', 'HP DesignJet T2500 <MRY_04_05_00.5', 'HP DesignJet T2530 <MRY_04_05_00.5']

Name

['HP Latex 310 <NEXUS_01_12_00.11', 'HP Latex 330 <NEXUS_01_12_00.11', 'HP Latex 360 <NEXUS_01_12_00.11', 'HP Latex 370 <NEXUS_01_12_00.11', 'HP Latex 315 <NEXUS_03_12_00.15', 'HP Latex 335 <NEXUS_03_12_00.15', 'HP Latex 365 <NEXUS_03_12_00.15', 'HP Latex 375 <NEXUS_03_12_00.15', 'HP Latex 570 <STORM_00_05_01.6', 'HP Latex 560 <STORM_00_05_01.6', 'HP Latex 110', 'HP DesignJet T3500 <AENEAS_03_04_00.9', 'HP DesignJet T790 <IG_11_00_00.10', 'HP DesignJet T795 <IG_11_00_00.10', 'HP DesignJet T1300 <IG_11_00_00.10', 'HP DesignJet T2300 <IG_11_00_00.10', 'HP DesignJet T920 <MRY_04_05_00.5', 'HP DesignJet T930 <MRY_04_05_00.5', 'HP DesignJet T1500 <MRY_04_05_00.5', 'HP DesignJet T1530 <MRY_04_05_00.5', 'HP DesignJet T2500 <MRY_04_05_00.5', 'HP DesignJet T2530 <MRY_04_05_00.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2747"
    }
  },
  "description": "HP DesignJet T790\u7b49\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u6253\u5370\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHP\u4ea7\u54c1\u4e2d\u5b58\u5728SMTP\u51ed\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6SMTP\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u3002",
  "discovererName": "Nicodemo Gawronski",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hp.com/us-en/document/c05624457",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04191",
  "openTime": "2018-03-02",
  "patchDescription": "HP DesignJet T790\u7b49\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u6253\u5370\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHP\u4ea7\u54c1\u4e2d\u5b58\u5728SMTP\u51ed\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6SMTP\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHP\u4ea7\u54c1SMTP\u51ed\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP Latex 310 \u003cNEXUS_01_12_00.11",
      "HP Latex 330 \u003cNEXUS_01_12_00.11",
      "HP Latex 360 \u003cNEXUS_01_12_00.11",
      "HP Latex 370 \u003cNEXUS_01_12_00.11",
      "HP Latex 315 \u003cNEXUS_03_12_00.15",
      "HP Latex 335 \u003cNEXUS_03_12_00.15",
      "HP Latex 365 \u003cNEXUS_03_12_00.15",
      "HP Latex 375 \u003cNEXUS_03_12_00.15",
      "HP Latex 570 \u003cSTORM_00_05_01.6",
      "HP Latex 560 \u003cSTORM_00_05_01.6",
      "HP Latex 110",
      "HP DesignJet T3500 \u003cAENEAS_03_04_00.9",
      "HP DesignJet T790 \u003cIG_11_00_00.10",
      "HP DesignJet T795 \u003cIG_11_00_00.10",
      "HP DesignJet T1300 \u003cIG_11_00_00.10",
      "HP DesignJet T2300 \u003cIG_11_00_00.10",
      "HP DesignJet T920 \u003cMRY_04_05_00.5",
      "HP DesignJet T930 \u003cMRY_04_05_00.5",
      "HP DesignJet T1500 \u003cMRY_04_05_00.5",
      "HP DesignJet T1530 \u003cMRY_04_05_00.5",
      "HP DesignJet T2500 \u003cMRY_04_05_00.5",
      "HP DesignJet T2530 \u003cMRY_04_05_00.5"
    ]
  },
  "referenceLink": "https://support.hp.com/us-en/document/c05624457",
  "serverity": "\u4f4e",
  "submitTime": "2018-01-25",
  "title": "\u591a\u6b3eHP\u4ea7\u54c1SMTP\u51ed\u8bc1\u6f0f\u6d1e"
}

CVE-2017-2747 (GCVE-0-2017-2747)

Vulnerability from cvelistv5 – Published: 2018-01-23 16:00 – Updated: 2024-09-16 17:54

Summary

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

Severity

No CVSS data available.

CWE

expose credentials

Assigner

References

1 reference

URL	Tags
https://support.hp.com/us-en/document/c05624457	vendor-advisoryx_refsource_HP

Impacted products

1 product

Vendor	Product	Version
HP Inc.	HP Designjet printers; HP Latex printers	Affected: fixed in IG_11_00_00.10, MRY_04_05_00.5, and AENEAS_03_04_00.9 Affected: NEXUS_01_12_00.11, NEXUS_03_12_00.15, and STORM_00_05_01.6

Date Public

2017-01-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBPI03563",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/c05624457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP Designjet printers; HP Latex printers",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "fixed in IG_11_00_00.10, MRY_04_05_00.5, and AENEAS_03_04_00.9"
            },
            {
              "status": "affected",
              "version": "NEXUS_01_12_00.11, NEXUS_03_12_00.15, and STORM_00_05_01.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "expose credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-23T15:57:01.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "HPSBPI03563",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://support.hp.com/us-en/document/c05624457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "DATE_PUBLIC": "2017-01-17T00:00:00",
          "ID": "CVE-2017-2747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HP Designjet printers; HP Latex printers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "fixed in IG_11_00_00.10, MRY_04_05_00.5, and AENEAS_03_04_00.9"
                          },
                          {
                            "version_value": "NEXUS_01_12_00.11, NEXUS_03_12_00.15, and STORM_00_05_01.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HP Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "expose credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBPI03563",
              "refsource": "HP",
              "url": "https://support.hp.com/us-en/document/c05624457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2017-2747",
    "datePublished": "2018-01-23T16:00:00.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:54:55.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04191

CVE-2017-2747 (GCVE-0-2017-2747)

Tags

Sightings

Nomenclature