PT-2019-2855 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

Published

2019-05-31

Updated

2019-06-18

CVE-2019-6324

CVSS v2.0

4.9

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419 HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426

Description The issue is related to an embedded web server in the printers, which may be vulnerable to stored XSS in the wireless configuration page. This vulnerability exists due to inadequate protection of the web page structure. Exploitation of this issue could allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419, update to a version 20190419 or later. For HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426, update to a version 20190426 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-02820

CVE-2019-6324

Affected Products

Hp Color Laserjet Pro M280-M281

Hp Laserjet Pro Mfp M28-M31

PT-2019-2855 · Hewlett Packard · Hp Laserjet Pro Mfp M28-M31+1

CVE-2019-6324

Weakness Enumeration

Related Identifiers

Affected Products

References · 4