#VU61596 Buffer overflow in HP Development Company products - CVE-2022-24291
Published: March 24, 2022
Vulnerability identifier: #VU61596
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-24291
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro M453 - M454
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429
HP LaserJet Pro MFP M429 F
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8216 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro M453 - M454
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429
HP LaserJet Pro MFP M429 F
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8216 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series
Software vendor:
HP Development Company
HP Development Company
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the ScanJobs API. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.