Severity
High
Analysis Summary
CVE-2022-24292
Multiple HP printer models could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2022-24291
An unspecified error in Multiple HP printer models could allow a remote attacker to cause a denial of service.
CVE-2022-24293
Multiple HP printer models are vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system
CVE-2022-3942
Multiple HP Print products are vulnerable to a buffer overflow, caused by improper bounds checking by the Link-Local Multicast Name Resolution (LLMNR) component. By sending a specially-crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system
Impact
- Information Disclosure
- Denial of Service
- Buffer Overflow
Indicator Of Compromise
CVE
- CVE-2022-24292
- CVE-2022-24291
- CVE-2022-24293
- CVE-2022-3942
Affected Vendors
HP
Affected Products
- HP OfficeJet Pro 8210 Printer series
- HP PageWide 352dw Printer
- HP PageWide 377dw Multifunction Printer
- HP PageWide Managed P55250dw Printer series
- HP Color LaserJet Enterprise CM4540 MFP
- HP Color LaserJet Enterprise CP5525
- HP Color LaserJet Enterprise Flow MFP M578
- HP Color LaserJet Enterprise MFP M578
Remediation
Refer to HP Security Bypass for patch, upgrade or suggested workaround information.