CVE-2021-3438

high-risk
Published 2021-05-20

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

Do I need to act?

-
0.55% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Color Laser 150 4Zb94A
Color Laser 150 4Zb95A
Color Laser Mfp 170 4Zb96A
Color Laser Mfp 170 4Zb97A
Color Laser Mfp 170 6Hu08A
Color Laser Mfp 170 6Hu09A
Laser 100 209U7A
Laser 100 4Zb79A
Laser 100 4Zb80A
Laser 100 4Zb81A
Laser 100 5Ue14A
Laser 408 7Uq75A
Laser Mfp 130 4Zb82A
Laser Mfp 130 4Zb83A
Laser Mfp 130 4Zb84A
Laser Mfp 130 4Zb85A
Laser Mfp 130 4Zb86A
Laser Mfp 130 4Zb87A
Laser Mfp 130 4Zb88A
Laser Mfp 130 4Zb89A

Affected Vendors

Hp Samsung

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_3900395-3833905-16
Vendor Advisory https://support.hp.com/us-en/document/ish_3900395-3833905-16
59
/ 100
high-risk
Severity 24/34 · High
Exploitability 2/34 · Minimal
Exposure 33/34 · Critical