CVE-2019-16240

high-risk
Published 2021-11-09

A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and in HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D. A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.

Do I need to act?

EPSS score: 0.60% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status: Unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS: 9.1/10 Critical (NETWORK / LOW complexity)

Affected Products (20)

Pagewide Pro 577Z K9Z76A Firmware
Pagewide Pro 577Z K9Z76B Firmware
Pagewide Pro 577Z K9Z76D Firmware
Pagewide Pro 577Dw D3Q21A Firmware
Pagewide Pro 577Dw D3Q21B Firmware
Pagewide Pro 577Dw D3Q21C Firmware
Pagewide Pro 577Dw D3Q21D Firmware
Pagewide Pro 552Dw 2Dr21D Firmware
Pagewide Pro 552Dw D3Q17A Firmware
Pagewide Pro 552Dw D3Q17D Firmware
Pagewide Pro 552Dw K9Z74A Firmware
Pagewide Pro 552Dw K9Z74D Firmware
Pagewide Pro 477Dw D3Q20A Firmware
Pagewide Pro 477Dw D3Q20B Firmware
Pagewide Pro 477Dw D3Q20C Firmware
Pagewide Pro 477Dw D3Q20D Firmware
Pagewide Pro 477Dw W2Z53B Firmware
Pagewide Pro 477Dn D3Q19D Firmware
Pagewide Pro 477Dn D3Q19B Firmware
Pagewide Pro 477Dn D3Q19A Firmware

Affected Vendors

HP

58 / 100 high-risk
Severity 31/34 · Critical
Exploitability 2/34 · Minimal
Exposure 25/34 · High