PT-2019-2242 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

Published

2019-05-31

Updated

2019-10-24

CVE-2019-6327

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419 HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426

Description The issue is related to a potential Buffer Overflow in the IPP Parser. It may also be associated with a Cross-Site Request Forgery (CSRF) vulnerability in the HP Color LaserJet Pro printer series' firmware, which could allow a remote attacker to cause a denial of service.

Recommendations For HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419, update to a version 20190419 or later. For HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426, update to a version 20190426 or later.

Fix

CSRF

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-120

Related Identifiers

BDU:2019-02013

CVE-2019-6327

Affected Products

Hp Color Laserjet Pro M280-M281

Hp Laserjet Pro Mfp M28-M31

PT-2019-2242 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

CVE-2019-6327

Weakness Enumeration

Related Identifiers

Affected Products

References · 4