TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates

TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates

HP has reported that a vulnerability has been discovered in HP printers which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.

HP states that a directory traversal attack could allow access to the profile.d directory which is a world writable directory that contains scripts that get executed at startup, leading to possible arbitrary code execution.

Further information on this vulnerability and how it can be mitigated can be found at https://www.cisecurity.org/advisory/a-vulnerability-in-hp-printer-products-could-allow-for-arbitrary-code-execution_2018-013/