CVE-2024-2209

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.
Configurations

No configuration.

History

21 Nov 2024, 09:09

Type Values Removed Values Added
References () https://support.hp.com/us-en/document/ish_10354903-10354932-16 - () https://support.hp.com/us-en/document/ish_10354903-10354932-16 -

06 Aug 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
CWE CWE-94

27 Mar 2024, 12:29

Type Values Removed Values Added
Summary
  • (es) Un usuario con privilegios administrativos puede crear un archivo dll comprometido con el mismo nombre que el dll original dentro del paquete Firmware Update Utility (FUU) de la impresora HP y colocarlo en el directorio de descargas predeterminado de Microsoft Windows, lo que puede conducir a una posible ejecución de código arbitrario.

27 Mar 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-27 00:15

Updated : 2024-11-21 09:09


NVD link : CVE-2024-2209

Mitre link : CVE-2024-2209

CVE.ORG link : CVE-2024-2209


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')