Buffer Overflow Vulnerability in HP Color LaserJet Pro and LaserJet Pro MFP Series
CVE-2019-6326

7.2HIGH

Key Information:

Vendor: HP
Status: HP Color Laserjet Pro M280-m281 Multifunction Printer Series; HP Laserjet Pro Mfp M28-m31 Printer Series
Vendor: CVE Published:; 17 June 2019

Summary

The HP Color LaserJet Pro M280-M281 and LaserJet Pro MFP M28-M31 series printers possess an embedded web server that may be susceptible to buffer overflow conditions. This vulnerability could allow an attacker to execute arbitrary code and gain unauthorized access to the printer, potentially leading to data exposure or manipulation. User awareness and timely firmware updates are essential to mitigate the associated risks.

Affected Version(s)

HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190419

HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190426

References

https://support.hp.com/us-en/document/c06356322

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2019
Vulnerability Reserved
Jan 15, 2019