Multiple HP printer models buffer overflow | CVE-2022-24293
NAME
Multiple HP printer models buffer overflow
- Platforms Affected:
HP OfficeJet Pro 8210 Printer series
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer series
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP Color LaserJet Pro M453
HP Color LaserJet Pro M454
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429 - Risk Level:
9.8 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Multiple HP printer models are vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to HPSBPI03781 rev. 1 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://support.hp.com/us-en/document/ish_5950417-5950443-16/hpsbpi03781 - Reference Link:
https://www.zerodayinitiative.com/advisories/ZDI-22-533/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
