Account Lockout Bypass Vulnerability in HP Printers and All-in-Ones
CVE-2019-18917

6.5MEDIUM

Key Information:

Vendor: HP
Status: HP Envy 5000 All-in-one Printer Series (m2u85a - M2u85b, M2u91a - M2u94b, Z4a54a - Z4a74a); HP Deskjet Ink Advantage 5000 All-in-one Printer Series (m2u86a - M2u89b)
Vendor: CVE Published:; 16 March 2020

What is CVE-2019-18917?

A potential security vulnerability has been identified in specific HP Printers and All-in-Ones that allows an attacker to bypass the account lockout mechanism. This could enable unauthorized access to printer settings and user accounts, posing significant risks to information security. Organizations using affected devices should prioritize remediation to ensure their printing operations are secure.

Affected Version(s)

HP ENVY 5000 All-in-One Printer series (M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A); HP DeskJet Ink Advantage 5000 All-in-One Printer series (M2U86A - M2U89B) Before 003.2008A

References

https://support.hp.com/us-en/document/c06594863

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2020
Vulnerability Reserved
Nov 12, 2019

CVE-2019-18917 Data

JSON