CVE-2018-5921

high-risk

Published 2018-10-03

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

F2A70A Firmware

F2A71A Firmware

F2A67A Firmware

B5L26A Firmware

B5L39A Firmware

C2S11A Firmware

C2S11V Firmware

C2S12A Firmware

C2S12V Firmware

L1H45A Firmware

G1W46A Firmware

G1W46V Firmware

G1W47A Firmware

G1W47V Firmware

L3U44A Firmware

E6B71A Firmware

E6B73A Firmware

K0Q14A Firmware

K0Q15A Firmware

K0Q17A Firmware

Affected Vendors

References (2)

Vendor Advisory https://support.hp.com/us-en/document/c05949322

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical