GEN:SID | 1:2547 |
Message | MISC HP Web JetAdmin remote file upload attempt |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the web interface support for the HP JetAdmin printer.
|
Impact | A successful attack may allow the execution of arbitrary code as root on a vulnerable server.
|
Detailed Information | The HP Web JetAdmin provides a web interface for the administration of the HP Web JetAdmin printer. A vulnerability exists that allows the uploading of unauthorized files using the script /plugins/hpjwja/script/devices_update_printer_fw_upload.hts. This capability was included to allow the upload of legitimate files, such as firmware updates, by an authorized administrator. However, there is no file validation on the uploaded file, allowing the upload of any random file. An attacker can upload a file with a .hts extension that subsequently can be executed when the attacker accesses the file using a web browser.
|
Affected Systems | HP Web JetAdmin 7.2.
|
Attack Scenarios | An attacker can create upload and execute a malicious file on a vulnerable server.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software or apply the appropriate patch when it becomes available.
|
Additional References | |
Rule References | bugtraq: 9978
|