CVE-2018-5924

critical-risk

Published 2018-08-13

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

Do I need to act?

18.6% chance of exploitation in next 30 days

EPSS score — higher than 81% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

T8X44 Firmware

3Aw51A Firmware

A9U28B Firmware

D3A82A Firmware

V1N08A Firmware

Y5H80A Firmware

D4H24B Firmware

F5S57A Firmware

K4T99B Firmware

K4U04B Firmware

T8X39 Firmware

1Sh08 Firmware

3Aw44A Firmware

A9U19A Firmware

D3A78B Firmware

4Uj28B Firmware

V1N01A Firmware

Y5H60A Firmware

D4H22A Firmware

J6U57B Firmware

Affected Vendors

References (8)

Third Party Advisory http://www.securityfocus.com/bid/105010

Third Party Advisory http://www.securitytracker.com/id/1041415

Third Party Advisory https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

Vendor Advisory https://support.hp.com/us-en/document/c06097712

Third Party Advisory http://www.securityfocus.com/bid/105010

Third Party Advisory http://www.securitytracker.com/id/1041415

Third Party Advisory https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

Vendor Advisory https://support.hp.com/us-en/document/c06097712

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 13/34 · Low

Exposure 33/34 · Critical