HP LaserJet Printers Multiple Vulnerabilities (HPSBPI03574)

medium Nessus Plugin ID 181598

Synopsis

The remote printer is affected by multiple vulnerabilities.

Description

The remote HP LaserJet printer is potentially affected by the following vulnerabilities:

- Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13077)

- Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. (CVE-2017-13078)

- Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. (CVE-2017-13081)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the HP LaserJet firmware referenced in the advisory.

See Also

https://support.hp.com/us-en/document/c05876244

Plugin Details

Severity: Medium

ID: 181598

File Name: hp_laserjet_hpsbpi03574.nasl

Version: 1.1

Type: remote

Family: Misc.

Published: 9/19/2023

Updated: 9/20/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-13077

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Required KB Items: www/hp_laserjet

Exploit Ease: No known exploits are available

Patch Publication Date: 1/12/2018

Vulnerability Publication Date: 10/16/2017

Reference Information

CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081

HP: HPSBPI03574