PT-2019-2241 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

Published

2019-05-31

Updated

2019-06-18

CVE-2019-6326

CVSS v2.0

9.7

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419 HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426

Description The issue is related to the embedded web server attributes of the printers, which may be potentially vulnerable to Buffer Overflow. It is also associated with a cross-site request forgery vulnerability that could allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419, update to a version 20190419 or later. For HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426, update to a version 20190426 or later.

Fix

CSRF

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-119

Related Identifiers

BDU:2019-02012

CVE-2019-6326

Affected Products

Hp Color Laserjet Pro M280-M281

Hp Laserjet Pro Mfp M28-M31

PT-2019-2241 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

CVE-2019-6326

Weakness Enumeration

Related Identifiers

Affected Products

References · 6