CVE-2018-5925

high-risk

Published 2018-08-13

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

Do I need to act?

7.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

T8X44 Firmware

3Aw51A Firmware

A9U28B Firmware

D3A82A Firmware

V1N08A Firmware

Y5H80A Firmware

D4H24B Firmware

F5S57A Firmware

K4T99B Firmware

K4U04B Firmware

T8X39 Firmware

1Sh08 Firmware

3Aw44A Firmware

A9U19A Firmware

D3A78B Firmware

4Uj28B Firmware

V1N01A Firmware

Y5H60A Firmware

D4H22A Firmware

J6U57B Firmware

Affected Vendors

References (8)

Third Party Advisory http://www.securityfocus.com/bid/105010

Third Party Advisory http://www.securitytracker.com/id/1041415

Exploit https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

Vendor Advisory https://support.hp.com/us-en/document/c06097712

Third Party Advisory http://www.securityfocus.com/bid/105010

Third Party Advisory http://www.securitytracker.com/id/1041415

Exploit https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

Vendor Advisory https://support.hp.com/us-en/document/c06097712

/ 100

high-risk

Severity 24/34 · High

Exploitability 10/34 · Low

Exposure 33/34 · Critical