Elevation of Privilege and Information Disclosure in HP LaserJet Pro Products
CVE-2023-26301

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP LaserJet Pro
Vendor: CVE Published:; 21 July 2023

What is CVE-2023-26301?

Certain HP LaserJet Pro print devices are susceptible to vulnerabilities that could lead to unauthorized elevation of privilege and potential information disclosure. This is due to inadequate authentication mechanisms associated with certain endpoints within the devices. Attackers exploiting these vulnerabilities could gain unauthorized access to restricted functions or sensitive data, underscoring the importance of securing printer environments.

Affected Version(s)

HP LaserJet Pro See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_8746769-8746795...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Feb 21, 2023