CVE-2018-5925
Published: 2018-08-13
Priority: P3 · 47 · high · 7.8 (CVSS 3.0)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 10.89% (95.3th percentile)
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
Affected
271 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | 1dt61a_firmware | — | — |
| hp | 1jl02a_firmware | — | — |
| hp | 1jl02b_firmware | — | — |
| hp | 1sh08_firmware | — | — |
| hp | 2nd31a_firmware | — | — |
| hp | 3aw44a_firmware | — | — |
| hp | 3aw51a_firmware | — | — |
| hp | 3yz74a_firmware | — | — |
| hp | 4sc29a_firmware | — | — |
| hp | 4uj28b_firmware | — | — |
| hp | a7f64a_firmware | — | — |
| hp | a7f65a_firmware | — | — |
| hp | a7f66a_firmware | — | — |
| hp | a9j40a_firmware | — | — |
| hp | a9j41_firmware | — | — |
| hp | a9t80a_firmware | — | — |
| hp | a9t80b_firmware | — | — |
| hp | a9t89a_firmware | — | — |
| hp | a9u19a_firmware | — | — |
| hp | a9u23_firmware | — | — |
| hp | a9u28b_firmware | — | — |
| hp | b4l03_firmware | — | — |
| hp | b4l08a_firmware | — | — |
| hp | b9s56a_firmware | — | — |
| hp | b9s57c_firmware | — | — |
CVSS provenance
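| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |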
No detection rules found.
No public exploits indexed.
Tenable
Faxsploit Allows Remote Code Execution Through HP All-in-One Printers
blogs_tenable·2018-08-14
# Faxsploit Allows Remote Code Execution Through HP All-in-One Printers
Ryan Seguin
August 14, 2018
A new exploit demonstrated by Checkpoint Research at DEF CON last week leverages vulnerabilities in all-in-one printers, potentially allowing attackers to take control of other devices on the network.
## Background
Checkpoint Research published a proof of concept (PoC) for exploiting two remote code execution vulnerabilities on HP All-in-One printers solely through the printer’s fax line. These critical vulnerabilities score CVSS v3 as 9.8 and include CVE-2018-5924 and CVE-2018-5925.
Checkpoint was able to embed malicious code disguised as a JPEG image, which then exploited buffer overflows in the processing code to gain full access t
Checkpoint
Faxploit: Sending Fax Back to the Dark Ages
blogs_checkpoint·2018-08-12
## Faxploit: Sending Fax Back to the Dark Ages
Research By: Eyal Itkin, Yannay Livneh and Yaniv Balmas
Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery wh
http://www.securityfocus.com/bid/105010
http://www.securitytracker.com/id/1041415
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
https://support.hp.com/us-en/document/c06097712