Multiple HP Print products buffer overflow | CVE-2022-3942
NAME
Multiple HP Print products buffer overflow
- Platforms Affected:
HP Color LaserJet Enterprise CM4540 MFP
HP Color LaserJet Enterprise CP5525
HP Color LaserJet Enterprise Flow MFP M578
HP Color LaserJet Enterprise MFP M578
HP Color LaserJet Enterprise Flow MFP M880z
HP Color LaserJet Managed Flow MFP M880zm
- Risk Level:
9.4
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
Multiple HP Print products are vulnerable to a buffer overflow, caused by improper bounds checking by the Link-Local Multicast Name Resolution (LLMNR) component. By sending a specially-crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
- Remediation Level: Official Fix
MITIGATION
Refer to HPSBPI03780 rev. 2 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://support.hp.com/ca-en/document/ish_5948778-5949142-16/hpsbpi03780
- Reference Link:
https://www.zerodayinitiative.com/advisories/ZDI-22-532/