National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-2743 Detail

Current Description

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Source:  MITRE
View Analysis Description

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.1 MEDIUM
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (V3 legend)
Impact Score: 2.7
Exploitability Score: 2.8


Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) (V2 legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://support.hp.com/us-en/document/c05541569 Vendor Advisory

Technical Details

Vulnerability Type (View All)

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/o:hp:cc419a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000901
Running on/with
 cpe:/h:hp:cc419a:-
     Show Matching CPE(s)

Configuration 2 ( hide )
 cpe:/o:hp:cc420a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000901
Running on/with
 cpe:/h:hp:cc420a:-
     Show Matching CPE(s)

Configuration 3 ( hide )
 cpe:/o:hp:cc421a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000901
Running on/with
 cpe:/h:hp:cc421a:-
     Show Matching CPE(s)

Configuration 4 ( hide )
 cpe:/o:hp:ce709a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000900
Running on/with
 cpe:/h:hp:ce709a:-
     Show Matching CPE(s)

Configuration 5 ( hide )
 cpe:/o:hp:ce708a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000900
Running on/with
 cpe:/h:hp:ce708a:-
     Show Matching CPE(s)

Configuration 6 ( hide )
 cpe:/o:hp:ce707a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000900
Running on/with
 cpe:/h:hp:ce707a:-
     Show Matching CPE(s)

Configuration 7 ( hide )
 cpe:/o:hp:ce503a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000904
Running on/with
 cpe:/h:hp:ce503a:-
     Show Matching CPE(s)

Configuration 8 ( hide )
 cpe:/o:hp:ce504a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000904
Running on/with
 cpe:/h:hp:ce504a:-
     Show Matching CPE(s)

Configuration 9 ( hide )
 cpe:/o:hp:ce738a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000904
Running on/with
 cpe:/h:hp:ce738a:-
     Show Matching CPE(s)

Configuration 10 ( hide )
 cpe:/o:hp:ce989a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce989a:-
     Show Matching CPE(s)

Configuration 11 ( hide )
 cpe:/o:hp:ce990a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce990a:-
     Show Matching CPE(s)

Configuration 12 ( hide )
 cpe:/o:hp:ce991a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce991a:-
     Show Matching CPE(s)

Configuration 13 ( hide )
 cpe:/o:hp:ce992a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce992a:-
     Show Matching CPE(s)

Configuration 14 ( hide )
 cpe:/o:hp:ce993a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce993a:-
     Show Matching CPE(s)

Configuration 15 ( hide )
 cpe:/o:hp:ce994a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce994a:-
     Show Matching CPE(s)

Configuration 16 ( hide )
 cpe:/o:hp:ce995a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce995a:-
     Show Matching CPE(s)

Configuration 17 ( hide )
 cpe:/o:hp:ce996a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000926
Running on/with
 cpe:/h:hp:ce996a:-
     Show Matching CPE(s)

Configuration 18 ( hide )
 cpe:/o:hp:cf081a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000927
Running on/with
 cpe:/h:hp:cf081a:-
     Show Matching CPE(s)

Configuration 19 ( hide )
 cpe:/o:hp:cf082a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000927
Running on/with
 cpe:/h:hp:cf082a:-
     Show Matching CPE(s)

Configuration 20 ( hide )
 cpe:/o:hp:cf083a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000927
Running on/with
 cpe:/h:hp:cf083a:-
     Show Matching CPE(s)

Configuration 21 ( hide )
 cpe:/o:hp:l2717a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000903
Running on/with
 cpe:/h:hp:l2717a:-
     Show Matching CPE(s)

Configuration 22 ( hide )
 cpe:/o:hp:cd644a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000925
Running on/with
 cpe:/h:hp:cd644a:-
     Show Matching CPE(s)

Configuration 23 ( hide )
 cpe:/o:hp:cd645a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000925
Running on/with
 cpe:/h:hp:cd644a:-
     Show Matching CPE(s)

Configuration 24 ( hide )
 cpe:/o:hp:cf116a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000913
Running on/with
 cpe:/h:hp:cf116a:-
     Show Matching CPE(s)

Configuration 25 ( hide )
 cpe:/o:hp:cf117a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000913
Running on/with
 cpe:/h:hp:cf117a:-
     Show Matching CPE(s)

Configuration 26 ( hide )
 cpe:/o:hp:cc522a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000932
Running on/with
 cpe:/h:hp:cc522a:-
     Show Matching CPE(s)

Configuration 27 ( hide )
 cpe:/o:hp:cc523a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000932
Running on/with
 cpe:/h:hp:cc523a:-
     Show Matching CPE(s)

Configuration 28 ( hide )
 cpe:/o:hp:cc524a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000932
Running on/with
 cpe:/h:hp:cc524a:-
     Show Matching CPE(s)

Configuration 29 ( hide )
 cpe:/o:hp:cf235a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000922
Running on/with
 cpe:/h:hp:cf235a:-
     Show Matching CPE(s)

Configuration 30 ( hide )
 cpe:/o:hp:cf236a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000922
Running on/with
 cpe:/h:hp:cf236a:-
     Show Matching CPE(s)

Configuration 31 ( hide )
 cpe:/o:hp:cf238a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000922
Running on/with
 cpe:/h:hp:cf238a:-
     Show Matching CPE(s)

Configuration 32 ( hide )
 cpe:/o:hp:cd646a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000925
Running on/with
 cpe:/h:hp:cd646a:-
     Show Matching CPE(s)

Configuration 33 ( hide )
 cpe:/o:hp:cf118a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000913
Running on/with
 cpe:/h:hp:cf118a:-
     Show Matching CPE(s)

Configuration 34 ( hide )
 cpe:/o:hp:cf066a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000921
Running on/with
 cpe:/h:hp:cf066a:-
     Show Matching CPE(s)

Configuration 35 ( hide )
 cpe:/o:hp:cf067a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000921
Running on/with
 cpe:/h:hp:cf067a:-
     Show Matching CPE(s)

Configuration 36 ( hide )
 cpe:/o:hp:cf068a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000921
Running on/with
 cpe:/h:hp:cf068a:-
     Show Matching CPE(s)

Configuration 37 ( hide )
 cpe:/o:hp:cf069a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000921
Running on/with
 cpe:/h:hp:cf069a:-
     Show Matching CPE(s)

Configuration 38 ( hide )
 cpe:/o:hp:d3l08a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000931
Running on/with
 cpe:/h:hp:d3l08a:-
     Show Matching CPE(s)

Configuration 39 ( hide )
 cpe:/o:hp:d3l09a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000931
Running on/with
 cpe:/h:hp:d3l09a:-
     Show Matching CPE(s)

Configuration 40 ( hide )
 cpe:/o:hp:d3l10a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000931
Running on/with
 cpe:/h:hp:d3l10a:-
     Show Matching CPE(s)

Configuration 41 ( hide )
 cpe:/o:hp:a2w77a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000930
Running on/with
 cpe:/h:hp:a2w77a:-
     Show Matching CPE(s)

Configuration 42 ( hide )
 cpe:/o:hp:a2w78a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000930
Running on/with
 cpe:/h:hp:a2w78a:-
     Show Matching CPE(s)

Configuration 43 ( hide )
 cpe:/o:hp:a2w79a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000930
Running on/with
 cpe:/h:hp:a2w79a:-
     Show Matching CPE(s)

Configuration 44 ( hide )
 cpe:/o:hp:a2w76a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000928
Running on/with
 cpe:/h:hp:a2w76a:-
     Show Matching CPE(s)

Configuration 45 ( hide )
 cpe:/o:hp:a2w75a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000928
Running on/with
 cpe:/h:hp:a2w75a:-
     Show Matching CPE(s)

Configuration 46 ( hide )
 cpe:/o:hp:d7p70a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000928
Running on/with
 cpe:/h:hp:d7p70a:-
     Show Matching CPE(s)

Configuration 47 ( hide )
 cpe:/o:hp:d7p71a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000928
Running on/with
 cpe:/h:hp:d7p71a:-
     Show Matching CPE(s)

Configuration 48 ( hide )
 cpe:/o:hp:cf367a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000916
Running on/with
 cpe:/h:hp:cf367a:-
     Show Matching CPE(s)

Configuration 49 ( hide )
 cpe:/o:hp:cz244a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000920
Running on/with
 cpe:/h:hp:cz244a:-
     Show Matching CPE(s)

Configuration 50 ( hide )
 cpe:/o:hp:cz245a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000920
Running on/with
 cpe:/h:hp:cz245a:-
     Show Matching CPE(s)

Configuration 51 ( hide )
 cpe:/o:hp:b5l04a_firmware
     Show Matching CPE(s)
Up to (excluding)
2308214_000902
Running on/with

Configuration 52 ( hide )

Configuration 53 ( hide )

Configuration 54 ( hide )

Configuration 55 ( hide )

Configuration 56 ( hide )

Configuration 57 ( hide )

Configuration 58 ( hide )

Configuration 59 ( hide )

Configuration 60 ( hide )

Configuration 61 ( hide )

Configuration 62 ( hide )

Configuration 63 ( hide )

Configuration 64 ( hide )

Configuration 65 ( hide )

Configuration 66 ( hide )

Configuration 67 ( hide )

Configuration 68 ( hide )

Configuration 69 ( hide )

Configuration 70 ( hide )

Configuration 71 ( hide )

Configuration 72 ( hide )

Configuration 73 ( hide )

Configuration 74 ( hide )

Configuration 75 ( hide )

Configuration 76 ( hide )

Configuration 77 ( hide )

Configuration 78 ( hide )

Configuration 79 ( hide )

Configuration 80 ( hide )

Configuration 81 ( hide )

Configuration 82 ( hide )

Configuration 83 ( hide )

Configuration 84 ( hide )

Configuration 85 ( hide )

Configuration 86 ( hide )

Configuration 87 ( hide )

Configuration 88 ( hide )

Showing 100 of 176 CPEs, view all CPEs here.

Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2017-2743
NVD Published Date:
01/23/2018
NVD Last Modified:
02/13/2018