Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2022-24292 CVE-2022-24293 CVE-2022-24291 |
CWE-ID | CWE-125 CWE-121 CWE-119 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software |
Category (all products): Hardware solutions / Office equipment, IP-phones, print servers
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro M453 - M454
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429
HP LaserJet Pro MFP M429 F
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8216 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series |
Vendor | HP Development Company |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU61595
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the PostScript interpreter. A remote attacker on the local network can trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
HP Color LaserJet Pro MFP M2XX: All versions
HP Color LaserJet Pro M453 - M454: All versions
HP Color LaserJet Pro MFP M478: All versions
HP Color LaserJet Pro MFP M479: All versions
HP LaserJet Pro M304: All versions
HP LaserJet Pro M305: All versions
HP LaserJet Pro M404: All versions
HP LaserJet Pro M405: All versions
HP LaserJet Pro MFP M428: All versions
HP LaserJet Pro MFP M429: All versions
HP LaserJet Pro MFP M429 F: All versions
HP PageWide 352dw Printer: All versions
HP PageWide 377dw Multifunction Printer: All versions
HP PageWide Managed P55250dw Printer series: All versions
HP PageWide Managed P57750dw Multifunction Printer: All versions
HP PageWide Pro 452dn Printer series: All versions
HP PageWide Pro 452dw Printer series: All versions
HP PageWide Pro 477dn Multifunction Printer series: All versions
HP PageWide Pro 477dw Multifunction Printer series: All versions
HP PageWide Pro 552dw Printer series: All versions
HP PageWide Pro 577 Multifunction Printer series: All versions
HP OfficeJet Pro 8210 Printer series: All versions
HP OfficeJet Pro 8216 Printer series: All versions
HP OfficeJet Pro 8730 All-in-One Printer: All versions
HP OfficeJet Pro 8740 All-in-One Printer series: All versions
https://support.hp.com/us-en/document/ish_5950417-5950443-16
https://www.zerodayinitiative.com/advisories/ZDI-22-535/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61597
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24293
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in eContactRestore within the address book feature. A remote user on the local network can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
HP Color LaserJet Pro MFP M2XX: All versions
HP Color LaserJet Pro M453 - M454: All versions
HP Color LaserJet Pro MFP M478: All versions
HP Color LaserJet Pro MFP M479: All versions
HP LaserJet Pro M304: All versions
HP LaserJet Pro M305: All versions
HP LaserJet Pro M404: All versions
HP LaserJet Pro M405: All versions
HP LaserJet Pro MFP M428: All versions
HP LaserJet Pro MFP M429: All versions
HP LaserJet Pro MFP M429 F: All versions
HP PageWide 352dw Printer: All versions
HP PageWide 377dw Multifunction Printer: All versions
HP PageWide Managed P55250dw Printer series: All versions
HP PageWide Managed P57750dw Multifunction Printer: All versions
HP PageWide Pro 452dn Printer series: All versions
HP PageWide Pro 452dw Printer series: All versions
HP PageWide Pro 477dn Multifunction Printer series: All versions
HP PageWide Pro 477dw Multifunction Printer series: All versions
HP PageWide Pro 552dw Printer series: All versions
HP PageWide Pro 577 Multifunction Printer series: All versions
HP OfficeJet Pro 8210 Printer series: All versions
HP OfficeJet Pro 8216 Printer series: All versions
HP OfficeJet Pro 8730 All-in-One Printer: All versions
HP OfficeJet Pro 8740 All-in-One Printer series: All versions
https://support.hp.com/us-en/document/ish_5950417-5950443-16
https://www.zerodayinitiative.com/advisories/ZDI-22-533/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61596
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24291
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the ScanJobs API. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
HP Color LaserJet Pro MFP M2XX: All versions
HP Color LaserJet Pro M453 - M454: All versions
HP Color LaserJet Pro MFP M478: All versions
HP Color LaserJet Pro MFP M479: All versions
HP LaserJet Pro M304: All versions
HP LaserJet Pro M305: All versions
HP LaserJet Pro M404: All versions
HP LaserJet Pro M405: All versions
HP LaserJet Pro MFP M428: All versions
HP LaserJet Pro MFP M429: All versions
HP LaserJet Pro MFP M429 F: All versions
HP PageWide 352dw Printer: All versions
HP PageWide 377dw Multifunction Printer: All versions
HP PageWide Managed P55250dw Printer series: All versions
HP PageWide Managed P57750dw Multifunction Printer: All versions
HP PageWide Pro 452dn Printer series: All versions
HP PageWide Pro 452dw Printer series: All versions
HP PageWide Pro 477dn Multifunction Printer series: All versions
HP PageWide Pro 477dw Multifunction Printer series: All versions
HP PageWide Pro 552dw Printer series: All versions
HP PageWide Pro 577 Multifunction Printer series: All versions
HP OfficeJet Pro 8210 Printer series: All versions
HP OfficeJet Pro 8216 Printer series: All versions
HP OfficeJet Pro 8730 All-in-One Printer: All versions
HP OfficeJet Pro 8740 All-in-One Printer series: All versions
https://support.hp.com/us-en/document/ish_5950417-5950443-16
https://www.zerodayinitiative.com/advisories/ZDI-22-534/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.