CVE-2020-28416
high-risk
Published 2021-11-03
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Officejet 4650 E6G87A Firmware
Officejet 4650 F1H96A Firmware
Officejet 4650 F1H96B Firmware
Officejet 4650 F1J03A Firmware
Officejet 4650 F1J04A Firmware
Officejet 4650 F9D37A Firmware
Officejet 4650 K9V77A Firmware
Officejet 4650 K9V85B Firmware
Officejet 4651 K9V83B Firmware
Officejet 4652 F1J02A Firmware
Officejet 4652 F1J05B Firmware
Officejet 4652 K9V84B Firmware
Officejet 4654 F1J06B Firmware
Officejet 4654 F1J07B Firmware
Officejet 4654 K9V76A Firmware
Officejet 4655 F1J00A Firmware
Officejet 4655 K9V82B Firmware
Officejet 4656 K9V81B Firmware
Officejet 4657 V6D27B Firmware
Officejet 4657 V6D29B Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.hp.com/us-en/document/c07051163
Vendor Advisory
https://support.hp.com/us-en/document/c07051163
57
/ 100
high-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
33/34 · Critical