CVE-2013-6427

Exploit

EPSS 0.59%
Veröffentlicht 09.12.2013 18:55:10
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hp ≫ Linux Imaging And Printing Project Version3.9.2

Hp ≫ Linux Imaging And Printing Project Version3.9.4

Hp ≫ Linux Imaging And Printing Project Version3.9.4 Updateb

Hp ≫ Linux Imaging And Printing Project Version3.9.4b

Hp ≫ Linux Imaging And Printing Project Version3.9.6

Hp ≫ Linux Imaging And Printing Project Version3.9.8

Hp ≫ Linux Imaging And Printing Project Version3.9.10

Hp ≫ Linux Imaging And Printing Project Version3.9.12

Hp ≫ Linux Imaging And Printing Project Version3.10.2

Hp ≫ Linux Imaging And Printing Project Version3.10.5

Hp ≫ Linux Imaging And Printing Project Version3.10.6

Hp ≫ Linux Imaging And Printing Project Version3.10.9

Hp ≫ Linux Imaging And Printing Project Version3.11.1

Hp ≫ Linux Imaging And Printing Project Version3.11.3

Hp ≫ Linux Imaging And Printing Project Version3.11.3 Updatea

Hp ≫ Linux Imaging And Printing Project Version3.11.3a

Hp ≫ Linux Imaging And Printing Project Version3.11.5

Hp ≫ Linux Imaging And Printing Project Version3.11.7

Hp ≫ Linux Imaging And Printing Project Version3.11.10

Hp ≫ Linux Imaging And Printing Project Version3.11.12

Hp ≫ Linux Imaging And Printing Project Version3.12.2

Hp ≫ Linux Imaging And Printing Project Version3.12.4

Hp ≫ Linux Imaging And Printing Project Version3.12.6

Hp ≫ Linux Imaging And Printing Project Version3.12.9

Hp ≫ Linux Imaging And Printing Project Version3.12.10

Hp ≫ Linux Imaging And Printing Project Version3.12.10 Updatea

Hp ≫ Linux Imaging And Printing Project Version3.12.11

Hp ≫ Linux Imaging And Printing Project Version3.13.2

Hp ≫ Linux Imaging And Printing Project Version3.13.3

Hp ≫ Linux Imaging And Printing Project Version3.13.4

Hp ≫ Linux Imaging And Printing Project Version3.13.5

Hp ≫ Linux Imaging And Printing Project Version3.13.6

Hp ≫ Linux Imaging And Printing Project Version3.13.7

Hp ≫ Linux Imaging And Printing Project Version3.13.8

Hp ≫ Linux Imaging And Printing Project Version3.13.9

Hp ≫ Linux Imaging And Printing Project Version3.13.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.665

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.debian.org/security/2013/dsa-2829

http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html

http://openwall.com/lists/oss-security/2013/12/05/2

http://www.ubuntu.com/usn/USN-2085-1

https://bugzilla.novell.com/show_bug.cgi?id=853405

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-6427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6427

EUVD