TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates
HP has reported that a vulnerability has been discovered in HP printers which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
HP states that a directory traversal attack could allow access to the profile.d directory which is a world writable directory that contains scripts that get executed at startup, leading to possible arbitrary code execution.
|Further information on this vulnerability and how it can be mitigated can be found at https://www.cisecurity.org/advisory/a-vulnerability-in-hp-printer-products-could-allow-for-arbitrary-code-execution_2018-013/|