CVE-2020-28419
high-risk
Published 2021-11-09
During installation with certain driver software or application packages an arbitrary code execution could occur.
Do I need to act?
-
0.78% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Color Laserjet Cm4540 Mfp Firmware
Color Laserjet Enterprise Flow Mfp M880Z Firmware
Color Laserjet Managed Flow Mfp M880Zm Firmware
Color Laserjet Enterprise M455 Firmware
Color Laserjet Enterprise M552 Firmware
Color Laserjet Enterprise M553 Firmware
Color Laserjet Managed M553 Firmware
Color Laserjet Enterprise M651 Firmware
Color Laserjet Managed M651 Firmware
Color Laserjet Enterprise M750 Firmware
Color Laserjet Enterprise M855 Firmware
Color Laserjet Enterprise M856 Firmware
Color Laserjet Managed E85055 Firmware
Color Laserjet Enterprise Mfp M480
Color Laserjet Enterprise Mfp M577 Firmware
Color Laserjet Enterprise Flow Mfp M577 Firmware
Color Laserjet Enterprise Mfp M680 Firmware
Color Laserjet Enterprise Flow Mfp M680 Firmware
Color Laserjet Managed E45028 Firmware
Color Laserjet Managed E75245 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.hp.com/us-en/document/c07058567
Vendor Advisory
https://support.hp.com/us-en/document/c07058567
66
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
3/34 · Minimal
Exposure
33/34 · Critical