PT-2022-1904 · Hewlett Packard · Hp Print Devices

Published

2022-01-21

Updated

2022-03-29

CVE-2022-24292

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HP Print devices (affected versions not specified)

Description The issue is related to a buffer overflow in the PostScript interpreter of HP Print devices, which can lead to information disclosure, denial of service, or remote code execution. An attacker could exploit this to execute arbitrary code remotely. The vulnerability has been demonstrated in real-world scenarios, such as the Pwn2Own event, where it was used to exploit an HP LaserJet Pro MFP M283fdw device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126

Related Identifiers

BDU:2022-01440

CVE-2022-24292

ZDI-22-535

Affected Products

Hp Print Devices

PT-2022-1904 · Hewlett Packard · Hp Print Devices

CVE-2022-24292

Weakness Enumeration

Related Identifiers

Affected Products

References · 9