Arbitrary Code Execution Vulnerability in HP Enterprise Printers
CVE-2018-5923

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Laserjet Enterprise, HP Pagewide Enterprise, HP Laserjet Managed, And HP Officejet Enterprise Printers
Vendor: CVE Published:; 27 March 2019

What is CVE-2018-5923?

A vulnerability exists in a range of HP printers where inadequate solution application signature checking can lead to the execution of arbitrary code. This issue affects HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise printers. Attackers may exploit this flaw to potentially compromise device security and performance.

Affected Version(s)

HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers Various

HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers see Security Bulletin

References

https://support.hp.com/us-en/document/c06169434

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2019
Vulnerability Reserved
Jan 19, 2018