HP Web Jetadmin Arbitrary File Upload Vulnerability

vendor:

Web Jetadmin

by:

SecurityFocus

7.5

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: Web Jetadmin

Affected Version From: 7.5.2546

Affected Version To: 7.5.2546

Patch Exists: NO

Related CWE: N/A

CPE: a:hewlett_packard:web_jetadmin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2002

HP Web Jetadmin Arbitrary File Upload Vulnerability

HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server. This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities.

Mitigation:

Authentication, if it has been enabled, would be required to exploit this issue.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9971/info

HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server. 

This issue exists in the printer firmware update script. Given the ability to place arbitrary files on the server to an attacker-specified location, it may be possible to execute arbitrary code, though this will require exploitation of other known vulnerabilities, such as BID 9972 "HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability".

Authentication, if it has been enabled, would be required to exploit this issue.

This issue was reported in HP Web Jetadmin version 7.5.2546 on a Windows platform. Other versions may be similarly affected.

https://www.example.com:8443/plugins/hpjwja/script/devices_update_printer_fw_upload.hts