HP OfficeJet Pro Wi-Fi Direct Support Printer Configuration Unauthenticated Access

Nessus Plugin ID 99591 (Critical)

Synopsis

The remote HP OfficeJet printer is using a default configuration that allows unauthenticated access to configuration files.

Description

The remote HP OfficeJet Pro printer is using a default configuration that lacks access controls and authentication for the Wi-Fi Direct Support feature. An unauthenticated, remote attacker can exploit this to gain read and write access to the printer configuration in the embedded web server.

Solution

Restrict access to the administrative interface by setting a password.

See Also

https://seclists.org/fulldisclosure/2017/Feb/10

Plugin Details

Severity: Critical

ID: 99591

File Name: hp_officejet_pro_8710.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 4/21/2017

Updated: 3/23/2023

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:hp:officejet_pro_8620, cpe:/h:hp:officejet_pro_8710

Required KB Items: hp/officejet/detected

Vulnerability Publication Date: 2/1/2017