CVE-2017-2743

high-risk

Published 2018-01-23

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Cc419A Firmware

Cc420A Firmware

Cc421A Firmware

Ce709A Firmware

Ce708A Firmware

Ce707A Firmware

Ce503A Firmware

Ce504A Firmware

Ce738A Firmware

Ce989A Firmware

Ce990A Firmware

Ce991A Firmware

Ce992A Firmware

Ce993A Firmware

Ce994A Firmware

Ce995A Firmware

Ce996A Firmware

Cf081A Firmware

Cf082A Firmware

Cf083A Firmware

Affected Vendors

References (2)

Vendor Advisory https://support.hp.com/us-en/document/c05541569

/ 100

high-risk

Severity 23/34 · High

Exploitability 2/34 · Minimal

Exposure 29/34 · Critical