CVE-2024-2209

Name of the Vulnerable Software and Affected Versions HP Printer's Firmware Update Utility (FUU) bundle (affected versions not specified)

Description The issue is related to an uncontrolled search path element in the HP printer's Firmware Update Utility (FUU) bundle. A user with administrative privileges can create a compromised dll file of the same name as the original dll and place it in the Microsoft Windows default downloads directory, potentially leading to arbitrary code execution.

Recommendations As a temporary workaround, consider restricting access to the FUU bundle until a patch is available. Avoid using the default downloads directory for storing dll files from the FUU bundle. Restrict administrative privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.