Information Disclosure and Remote Code Execution in HP Print Devices
CVE-2022-24292

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Laserjet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers
Vendor: CVE Published:; 23 March 2022

Summary

Certain HP Print devices have been found to possess security vulnerabilities that can expose sensitive information, enable denial of service attacks, or allow remote code execution. These issues could lead to unauthorized access or disruptions in service, necessitating prompt updates and patches from HP to mitigate risks.

Affected Version(s)

HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers before 002_2208A

HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers before 2205D

HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers before 001.2210B

References

https://support.hp.com/us-en/document/ish_5950417-5950443-16

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2022
Vulnerability Reserved
Feb 1, 2022