CVE-2013-6427
HP Linux Imaging and Printing Project 3.x-3.13.11 - Remote Code Execution via Insecure HTTP Program Download
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
References (5)
Core References
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2085-1
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2013/12/05/2
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2013/dsa-2829
Exploit (x_refsource_misc): https://bugzilla.novell.com/show_bug.cgi?id=853405
Scores
EPSS: 0.0078
EPSS Percentile: 73.9%
Details
CWE: CWE-94
Status: published
Products (33)
hp/linux_imaging_and_printing_project 3.9.2
hp/linux_imaging_and_printing_project 3.9.4 (2 CPE variants)
hp/linux_imaging_and_printing_project 3.9.4b
hp/linux_imaging_and_printing_project 3.9.6
hp/linux_imaging_and_printing_project 3.9.8
hp/linux_imaging_and_printing_project 3.9.10
hp/linux_imaging_and_printing_project 3.9.12
hp/linux_imaging_and_printing_project 3.10.2
hp/linux_imaging_and_printing_project 3.10.5
hp/linux_imaging_and_printing_project 3.10.6
... and 23 more
Published: Dec 09, 2013
Tracked Since: Feb 18, 2026