CVE-2024-5143

Name of the Vulnerable Software and Affected Versions: HP Color LaserJet MFP M478-M479 series (affected versions not specified)

Description: The issue is related to a weakness in the authentication procedure of the HP Color LaserJet MFP M478-M479 series, which can potentially expose protected SMTP server credentials. A user with device administrative privileges can change existing SMTP server settings without having to re-enter SMTP server credentials, allowing send-to-email traffic to be redirected to a new server. This could lead to the exposure of the original SMTP server credentials.

Recommendations: For HP Color LaserJet MFP M478-M479 series, consider restricting access to the device administrative privileges to minimize the risk of exploitation. As a temporary workaround, avoid changing SMTP server settings on the device until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.