CVE-2019-6318
high-risk
Published 2019-04-11
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.
Do I need to act?
~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Color Laserjet Cm4540 Mfp Firmware
Color Laserjet Enterprise Cp5525 Firmware
Color Laserjet Enterprise M553 Firmware
Color Laserjet Enterprise M552 Firmware
Color Laserjet Managed M553 Firmware
Color Laserjet Enterprise M651 Firmware
Color Laserjet Managed M651 Firmware
Color Laserjet Enterprise M652 Firmware
Color Laserjet Enterprise M653 Firmware
Color Laserjet Enterprise M750 Firmware
Color Laserjet Enterprise M855 Firmware
Color Laserjet Enterprise Mfp M577 Firmware
Color Laserjet Enterprise Flow Mfp M577 Firmware
Color Laserjet Enterprise Mfp M680 Firmware
Color Laserjet Enterprise Flow Mfp M680 Firmware
Color Laserjet Enterprise Mfp M681 Firmware
Color Laserjet Enterprise Flow Mfp M681 Firmware
Color Laserjet Enterprise Mfp M682 Firmware
Color Laserjet Enterprise Flow Mfp M682 Firmware
Color Laserjet Enterprise Flow Mfp M880Z Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.hp.com/us-en/document/c06265454
Vendor Advisory
https://support.hp.com/us-en/document/c06265454
68
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
32/34 · Critical