Arbitrary Code Execution Vulnerability in HP Printer Drivers
CVE-2020-28419

8.8HIGH

Key Information:

Vendor: HP
Status: HP Laserjet Printer; HP Laserjet Pro Printer; HP Pagewide Printer; HP Pagewide Pro Printer; HP Inkjet Printer; HP Officejet Printer
Vendor: CVE Published:; 9 November 2021

What is CVE-2020-28419?

This vulnerability allows for arbitrary code execution during the installation process of certain driver software or application packages for HP printers. An attacker exploiting this flaw could potentially execute malicious code on the targeted system, leading to unauthorized access and manipulation of sensitive information.

Affected Version(s)

HP LaserJet Printer; HP LaserJet Pro Printer; HP PageWide Printer; HP PageWide Pro Printer; HP inkjet Printer; HP OfficeJet Printer before 61.111.01.9108

HP LaserJet Printer; HP LaserJet Pro Printer; HP PageWide Printer; HP PageWide Pro Printer; HP inkjet Printer; HP OfficeJet Printer before 8.0.13284.929

HP LaserJet Printer; HP LaserJet Pro Printer; HP PageWide Printer; HP PageWide Pro Printer; HP inkjet Printer; HP OfficeJet Printer before 11.0.19232.882

References

https://support.hp.com/us-en/document/c07058567

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Nov 12, 2020