HP Web JetAdmin Multiple Vulnerabilities


Secunia Advisory: SA11213
Release Date: 2004-03-25

Moderately critical
Impact: System access

Where: From local network

Software: HP Web Jetadmin 7.x

Some vulnerabilities have been reported in HP Web JetAdmin, allowing malicious people to compromise a vulnerable system.

1) It is possible to upload HTS files using "/plugins/hpjwja/script/devices_update_printer_fw_upload.hts". Uploaded files will be placed in "/plugins/hpjwja/firmware/printer/".

2) Input to the "setinclude" parameter in "/plugins/hpjdwm/script/test/setinfo.hts" isn't properly verified. This can be exploited to read arbitrary files and execute arbitrary HTS files by conducting directory traversal attacks using the classic "../" character sequence.
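The following Python is an added illustration for items 1 and 2 above; it is not code from the advisory or from HP. It contrasts the include-resolution mistake described in item 2 (joining a base directory with an unchecked "setinclude" value) with a containment check that rejects paths escaping the script directory, and runs a small access-log check for the two endpoint paths the advisory names. The install path SCRIPT_DIR, the log format and the log lines are constructed for the example.

```python
# Added example, not part of the Secunia advisory: vulnerable vs. contained
# include resolution for a "setinclude"-style parameter, plus a check over
# constructed access-log lines for the endpoints the advisory names.
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical location of the script directory; the real Web Jetadmin
# layout is not given on the page.
SCRIPT_DIR = "/opt/hpjwja/plugins/hpjdwm/script/test"

# Endpoint paths quoted in the advisory (items 1 and 2).
UPLOAD_ENDPOINT = "/plugins/hpjwja/script/devices_update_printer_fw_upload.hts"
SETINFO_ENDPOINT = "/plugins/hpjdwm/script/test/setinfo.hts"


def resolve_include_unsafe(base_dir, setinclude):
    """The vulnerable pattern: join and normalise, but never check that the
    result is still under base_dir, so '../' sequences walk out of it."""
    return os.path.normpath(os.path.join(base_dir, unquote(setinclude)))


def resolve_include_safe(base_dir, setinclude):
    """Hardened resolution: decode, resolve symlinks, then require the result
    to sit inside base_dir and to carry the expected suffix.
    Returns the absolute path or raises ValueError."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, unquote(setinclude)))
    # commonpath compares whole path components, so "test2/x.hts" next to
    # "test" is rejected as well, unlike a plain string-prefix check.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("include escapes the script directory")
    if not candidate.endswith(".hts"):
        raise ValueError("only .hts includes are permitted")
    return candidate


def include_is_allowed(setinclude, base_dir=SCRIPT_DIR):
    """Boolean wrapper around resolve_include_safe for callers and tests."""
    try:
        resolve_include_safe(base_dir, setinclude)
        return True
    except ValueError:
        return False


# Common-log-style line: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3})'
)


def flag_request(line):
    """Return a short reason if the log line matches one of the advisory's
    patterns, otherwise None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    method, target = m.group("method"), m.group("target")
    parts = urlsplit(target)
    if parts.path == UPLOAD_ENDPOINT and method == "POST":
        return "firmware upload endpoint used (item 1)"
    if parts.path == SETINFO_ENDPOINT:
        # parse_qs already percent-decodes the value once.
        for value in parse_qs(parts.query).get("setinclude", []):
            if not include_is_allowed(value):
                return "setinclude resolves outside script dir (item 2)"
    return None


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2004:10:00:00 +0000] "GET /plugins/hpjdwm/script/test/'
    'setinfo.hts?setinclude=setinfo_help.hts HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Mar/2004:10:00:03 +0000] "GET /plugins/hpjdwm/script/test/'
    'setinfo.hts?setinclude=..%2F..%2F..%2F..%2F..%2F..%2Fsome%2Fother%2Ffile.txt'
    ' HTTP/1.1" 200 2048',
    '10.0.0.9 - - [25/Mar/2004:10:00:07 +0000] "POST /plugins/hpjwja/script/'
    'devices_update_printer_fw_upload.hts HTTP/1.1" 200 77',
    '10.0.0.5 - - [25/Mar/2004:10:01:00 +0000] "GET /index.hts HTTP/1.1" 200 300',
]


def scan_log(lines=SAMPLE_LOG):
    """Return (index, reason) for every flagged line."""
    flagged = []
    for i, line in enumerate(lines):
        reason = flag_request(line)
        if reason is not None:
            flagged.append((i, reason))
    return flagged


if __name__ == "__main__":
    for index, reason in scan_log():
        print(f"line {index}: {reason}")
```

The unsafe resolver shows why six "../" components from a six-deep script directory land at the filesystem root, while the safe resolver rejects both relative escapes and absolute overrides (os.path.join discards the base when the second argument is absolute). The log check is a triage aid only: a POST to the upload endpoint is legitimate administrator activity on a patched host, so it is worth correlating with who connected, not treating as an alert on its own.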

3) It is possible to inject commands, which will be executed when the service is restarted. An example has been provided, which adds a new administrative user:


The vulnerabilities have been reported in version 7.5.2546 and prior.

Restrict access to ensure that only trusted users can connect to the service.

Provided and/or discovered by:
1 and 2 reported by wirepair
3 reported by H D Moore