CVE-2023-1329

critical-risk
Published 2023-06-14

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

Do I need to act?

~
7.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Laserjet Managed Mfp E62665 3Gy14A Firmware
Laserjet Managed Mfp E62665 3Gy15A Firmware
Laserjet Managed Mfp E62665 3Gy16A Firmware
Laserjet Managed Mfp E62665 3Gy17A Firmware
Laserjet Managed Mfp E62665 3Gy18A Firmware
Color Laserjet Enterprise Flow Mfp 5800Zf 49K96Av Firmware
Color Laserjet Enterprise Flow Mfp 5800Zf 58R10A Firmware
Color Laserjet Enterprise Flow Mfp 5800Zf 6Qn29A Firmware
Color Laserjet Enterprise Flow Mfp 5800Zf 6Qn30A Firmware
Color Laserjet Enterprise Flow Mfp 5800Zf 6Qn31A Firmware
Color Laserjet Enterprise Flow Mfp M577 B5L46A Firmware
Color Laserjet Enterprise Flow Mfp M577 B5L47A Firmware
Color Laserjet Enterprise Flow Mfp M577 B5L48A Firmware
Color Laserjet Enterprise Flow Mfp M577 B5L54A Firmware
Color Laserjet Enterprise Flow Mfp M578 7Zu85A Firmware
Color Laserjet Enterprise Flow Mfp M578 7Zu86A Firmware
Color Laserjet Enterprise Flow Mfp M578 7Zu87A Firmware
Color Laserjet Enterprise Flow Mfp M578 7Zu88A Firmware
Color Laserjet Enterprise Flow Mfp M681 J8A10A Firmware
Color Laserjet Enterprise Flow Mfp M681 J8A11A Firmware

Affected Vendors

Hp

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849
Vendor Advisory https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849
75
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 33/34 · Critical