PT-2021-5430 · Hewlett Packard · HP LaserJet Enterprise +3
Published: 2021-11-01 · Updated: 2021-12-01
CVE-2021-39238
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed versions (affected versions not specified)
Description
A buffer overflow in the font handler of HP printers can be exploited by a remote attacker to execute arbitrary code. Sending a specially crafted PDF document to the printer triggers the overflow and allows code execution at the firmware level. The problem has been present since 2013 and was fixed in firmware updates published on November 1.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
HP LaserJet Enterprise
HP PageWide Enterprise
HP LaserJet Managed
HP PageWide Managed