upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-12-09 10:55
Updated : 2014-03-05 20:49
NVD link : CVE-2013-6427
Mitre link : CVE-2013-6427
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
hp
- linux_imaging_and_printing_project