CVE-2013-6427: Code Injection in Hplip

CWE-94: Code Injection (7 documents, 7 sources)
Severity: 6.8 MEDIUM (NVD)
EPSS: 0.8% (top 26.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Latest update: May 17

Description

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

debian: debian/hplip < hplip 3.13.11-2 (bookworm)

🔴 Vulnerability Details (2)

GHSA: GHSA-p8g8-g88f-96q3: upgrade (2022-05-17)
OSV: CVE-2013-6427: upgrade (2013-12-09)

📋 Vendor Advisories (3)

Ubuntu: HPLIP vulnerabilities (2014-01-21)
Red Hat: hplip: insecure auto update feature (2013-12-03)
Debian: CVE-2013-6427: hplip - upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.... (2013)

💬 Community (1)

Bugzilla: CVE-2013-6427 hplip: insecure auto update feature (2013-12-05)