CVE-2024-2209

MEDIUM | CVSS 6.3/10 | EPSS 0.21%

Last modified

CVE-2024-2209 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.

Metrics

CVSS 3.1
6.3/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS Probability
0.21%

11.3th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product           Versions
Hp      26k70b Firmware   < 2349b
Hp      297x1a Firmware   < 2349b
Hp      2a9q5a Firmware   < 2349b
Hp      26k72a Firmware   < 2349b
Hp      26k69a Firmware   < 2349b
Hp      26k70a Firmware   < 2349b
Hp      26k71a Firmware   < 2349b
Hp      26k68a Firmware   < 2349b
Hp      26k67a Firmware   < 2349b
Hp      3xv19a Firmware   < 2349b
Hp      7fr52a Firmware   < 2349b
Hp      7fr57a Firmware   < 2349b
Hp      7fr53a Firmware   < 2349b
Hp      7fr58a Firmware   < 2349b
Hp      7fr61a Firmware   < 2349b
Hp      5ar83a Firmware   < 2349b
Hp      5ar84a Firmware   < 2349b
Hp      5ar85a Firmware   < 2349b
Hp      8rk11a Firmware   < 2349b
Hp      3xv17a Firmware   < 2349b
Hp      4ws04a Firmware   < 2349b
Hp      7fr21a Firmware   < 2349b
Hp      7fr20a Firmware   < 2349b
Hp      26k72b Firmware   < 2349c
Hp      26k67b Firmware   < 2349c
Hp      297w8a Firmware   < 2349c
Hp      26k68b Firmware   < 2349c
Hp      297x0a Firmware   < 2349c
Hp      26k70b Firmware   < 2349c
Hp      297x1a Firmware   < 2349c
Hp      2a9q5a Firmware   < 2349c
Hp      26k72a Firmware   < 2349c
Hp      26k69a Firmware   < 2349c
Hp      26k70a Firmware   < 2349c
Hp      26k71a Firmware   < 2349c
Hp      26k68a Firmware   < 2349c
Hp      26k67a Firmware   < 2349c
Hp      3xv19a Firmware   < 2349c
Hp      7fr52a Firmware   < 2349c
Hp      7fr57a Firmware   < 2349c
Hp      26k72b Firmware   < 2349b
Hp      26k67b Firmware   < 2349b
Hp      297w8a Firmware   < 2349b
Hp      26k68b Firmware   < 2349b
Hp      297x0a Firmware   < 2349b
Hp      7fr53a Firmware   < 2349c
Hp      7fr58a Firmware   < 2349c
Hp      7fr61a Firmware   < 2349c
Hp      5ar83a Firmware   < 2349c
Hp      5ar84a Firmware   < 2349c

Showing 50 of 83 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-2209?
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.
How severe is CVE-2024-2209?
CVE-2024-2209 has a CVSS score of 6.3/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.
How do I fix CVE-2024-2209?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST