HP.hplip.Remote.Command.Execution
Description
This indicates an attempt to exploit a vulnerability in HP Linux Imaging and Printing System (HPLIP).
The vulnerability can be exploited to inject arbitrary commands by sending specially crafted data to the "hpssd" daemon. This issue is a result of the "hpssd" daemon's failure to validate user supplied data before passing the input to the "popen3()" function. The injected commands may be run with root user privileges on some systems.
Affected Products
Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Update to version 2.7.10.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |