Cross-site Request Forgery Vulnerability in HP LaserJet Pro Printers
CVE-2019-6325

8.8HIGH

Key Information:

Vendor: HP
Status: HP Color Laserjet Pro M280-m281 Multifunction Printer Series; HP Laserjet Pro Mfp M28-m31 Printer Series
Vendor: CVE Published:; 17 June 2019

Summary

HP Color LaserJet Pro M280-M281 and LaserJet Pro MFP M28-M31 printer series are susceptible to cross-site request forgery due to vulnerabilities in their embedded web server. These issues could allow attackers to execute unauthorized commands on the printers, potentially compromising sensitive data and network security. Users must ensure their devices are updated to the latest firmware versions to mitigate this risk.

Affected Version(s)

HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190419

HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190426

References

https://support.hp.com/us-en/document/c06356322

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2019
Vulnerability Reserved
Jan 15, 2019