Details of VAR-201801-1001

ID

VAR-201801-1001

CVE

CVE-2017-2747

TITLE

plural HP DesignJet and Latex Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012277

DESCRIPTION

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. plural HP DesignJet and Latex The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HPDesignJetT790 and other printers are the United States HP (HP) company. There are SMTP credential vulnerabilities in several HP products. An attacker could exploit the vulnerability to obtain a certificate for the SMTP server. HP DesignJet T790, etc. The following products and versions are affected: HP DesignJet T790 prior to IG_11_00_00.10; DesignJet T795 prior to IG_11_00_00.10; DesignJet T1300 prior to IG_11_00_00.10; DesignJet T2300 prior to IG_11_00_00.10; DesignJet T920 prior to MRY_04_05 DesignJet T930 prior to MRY_04_05_00.5; DesignJet T1500 prior to MRY_04_05_00.5; DesignJet T1530 prior to MRY_04_05_00.5; DesignJet T2500 prior to MRY_04_05_00.5; Latex 310 before NEXUS_01_12_00.11; Latex 330 before NEXUS_01_12_00.11; Latex 360 before NEXUS_01_12_00.11; Latex 370 before NEXUS_01_12_00.11 before 305_Latex Versions; Latex 335 prior to NEXUS_03_12_00.15; Latex 365 prior to NEXUS_03_12_00.15; Latex 375 prior to NEXUS_03_12_00.15; Latex 560 prior to STORM_00_05_01.6; Latex 570 prior to STORM_00_05_01.6

Trust: 2.34

sources: NVD: CVE-2017-2747 // JVNDB: JVNDB-2017-012277 // CNVD: CNVD-2018-04191 // VULHUB: VHN-110950 // VULMON: CVE-2017-2747

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-04191

AFFECTED PRODUCTS

vendor:	hp	model:	110	scope:	lte	version:	nexus_00_04_53.8	Trust: 1.0
vendor:	hp	model:	t2300	scope:	lte	version:	ig_11_00_00.09	Trust: 1.0
vendor:	hp	model:	570	scope:	lte	version:	storm_00_05_01.5	Trust: 1.0
vendor:	hp	model:	560	scope:	lte	version:	storm_00_05_01.5	Trust: 1.0
vendor:	hp	model:	t1530	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hp	model:	t790	scope:	lte	version:	ig_11_00_00.09	Trust: 1.0
vendor:	hp	model:	370	scope:	lte	version:	nexus_01_12_00.10	Trust: 1.0
vendor:	hp	model:	315	scope:	lte	version:	nexus_03_12_00.14	Trust: 1.0
vendor:	hp	model:	330	scope:	lte	version:	nexus_01_12_00.10	Trust: 1.0
vendor:	hp	model:	t2500	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hp	model:	t2530	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hp	model:	t795	scope:	lte	version:	ig_11_00_00.09	Trust: 1.0
vendor:	hp	model:	t1500	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hp	model:	t920	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hp	model:	375	scope:	lte	version:	nexus_03_12_00.14	Trust: 1.0
vendor:	hp	model:	310	scope:	lte	version:	nexus_01_12_00.10	Trust: 1.0
vendor:	hp	model:	335	scope:	lte	version:	nexus_03_12_00.14	Trust: 1.0
vendor:	hp	model:	360	scope:	lte	version:	nexus_01_12_00.10	Trust: 1.0
vendor:	hp	model:	365	scope:	lte	version:	nexus_03_12_00.14	Trust: 1.0
vendor:	hp	model:	t1300	scope:	lte	version:	ig_11_00_00.09	Trust: 1.0
vendor:	hp	model:	t3500	scope:	lte	version:	aeneas_03_04_00.8	Trust: 1.0
vendor:	hp	model:	t930	scope:	lte	version:	mry_04_05_00.4	Trust: 1.0
vendor:	hewlett packard	model:	designjet t1300	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	designjet t2300	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	designjet t790	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	designjet t795	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	designjet t920	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	latex 110	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	latex 310	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	latex 330	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	latex 360	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	latex 370	scope:	-	version:	-	Trust: 0.8
vendor:	hp	model:	latex <nexus 01 12 00.11	scope:	eq	version:	310	Trust: 0.6
vendor:	hp	model:	latex <nexus 01 12 00.11	scope:	eq	version:	330	Trust: 0.6
vendor:	hp	model:	latex <nexus 01 12 00.11	scope:	eq	version:	360	Trust: 0.6
vendor:	hp	model:	latex <nexus 01 12 00.11	scope:	eq	version:	370	Trust: 0.6
vendor:	hp	model:	latex <nexus 03 12 00.15	scope:	eq	version:	315	Trust: 0.6
vendor:	hp	model:	latex <nexus 03 12 00.15	scope:	eq	version:	335	Trust: 0.6
vendor:	hp	model:	latex <nexus 03 12 00.15	scope:	eq	version:	365	Trust: 0.6
vendor:	hp	model:	latex <nexus 03 12 00.15	scope:	eq	version:	375	Trust: 0.6
vendor:	hp	model:	latex <storm 00 05 01.6	scope:	eq	version:	570	Trust: 0.6
vendor:	hp	model:	latex <storm 00 05 01.6	scope:	eq	version:	560	Trust: 0.6
vendor:	hp	model:	latex	scope:	eq	version:	110	Trust: 0.6
vendor:	hp	model:	designjet t3500 <aeneas 03 04 00.9	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t790 <ig 11 00 00.10	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t795 <ig 11 00 00.10	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t1300 <ig 11 00 00.10	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t2300 <ig 11 00 00.10	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t920 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t930 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t1500 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t1530 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t2500 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	designjet t2530 <mry 04 05 00.5	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	t2530	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6
vendor:	hp	model:	t1530	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6
vendor:	hp	model:	t1300	scope:	eq	version:	ig_11_00_00.09	Trust: 0.6
vendor:	hp	model:	t2300	scope:	eq	version:	ig_11_00_00.09	Trust: 0.6
vendor:	hp	model:	t790	scope:	eq	version:	ig_11_00_00.09	Trust: 0.6
vendor:	hp	model:	t2500	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6
vendor:	hp	model:	t920	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6
vendor:	hp	model:	t1500	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6
vendor:	hp	model:	t795	scope:	eq	version:	ig_11_00_00.09	Trust: 0.6
vendor:	hp	model:	t930	scope:	eq	version:	mry_04_05_00.4	Trust: 0.6

sources: CNVD: CNVD-2018-04191 // JVNDB: JVNDB-2017-012277 // CNNVD: CNNVD-201801-873 // NVD: CVE-2017-2747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2747
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2747
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-04191
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201801-873
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110950
value:	LOW
Trust: 0.1
VULMON:	CVE-2017-2747
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-2747
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-04191
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110950
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2747
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-04191 // VULHUB: VHN-110950 // VULMON: CVE-2017-2747 // JVNDB: JVNDB-2017-012277 // CNNVD: CNNVD-201801-873 // NVD: CVE-2017-2747

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-110950 // JVNDB: JVNDB-2017-012277 // NVD: CVE-2017-2747

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-873

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201801-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012277

PATCH

title:	HPSBPI03563	url:	https://support.hp.com/us-en/document/c05624457	Trust: 0.8
title:	Patch for multiple HP product SMTP certificate vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/120059	Trust: 0.6
title:	Multiple HP Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78025	Trust: 0.6
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=c59b43ed838b4d3cc6b6a853985fa234	Trust: 0.1
title:	HP: HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03563	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=b3752f68dbc7c4bc587f927d56c9be97	Trust: 0.1

sources: CNVD: CNVD-2018-04191 // VULMON: CVE-2017-2747 // JVNDB: JVNDB-2017-012277 // CNNVD: CNNVD-201801-873

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2747	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-012277	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-873	Trust: 0.7
db:	CNVD	id:	CNVD-2018-04191	Trust: 0.6
db:	VULHUB	id:	VHN-110950	Trust: 0.1
db:	VULMON	id:	CVE-2017-2747	Trust: 0.1

sources: CNVD: CNVD-2018-04191 // VULHUB: VHN-110950 // VULMON: CVE-2017-2747 // JVNDB: JVNDB-2017-012277 // CNNVD: CNNVD-201801-873 // NVD: CVE-2017-2747

REFERENCES

url:	https://support.hp.com/us-en/document/c05624457	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2747	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2747	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-04191 // VULHUB: VHN-110950 // VULMON: CVE-2017-2747 // JVNDB: JVNDB-2017-012277 // CNNVD: CNNVD-201801-873 // NVD: CVE-2017-2747

SOURCES

db:	CNVD	id:	CNVD-2018-04191
db:	VULHUB	id:	VHN-110950
db:	VULMON	id:	CVE-2017-2747
db:	JVNDB	id:	JVNDB-2017-012277
db:	CNNVD	id:	CNNVD-201801-873
db:	NVD	id:	CVE-2017-2747

LAST UPDATE DATE

2024-11-23T22:12:41.915000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-04191	date:	2018-03-02T00:00:00
db:	VULHUB	id:	VHN-110950	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-2747	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012277	date:	2018-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201801-873	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2747	date:	2024-11-21T03:24:06.410

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-04191	date:	2018-03-02T00:00:00
db:	VULHUB	id:	VHN-110950	date:	2018-01-23T00:00:00
db:	VULMON	id:	CVE-2017-2747	date:	2018-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-012277	date:	2018-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201801-873	date:	2018-01-24T00:00:00
db:	NVD	id:	CVE-2017-2747	date:	2018-01-23T16:29:01.570