#VU61597 Stack-based buffer overflow in HP Development Company products - CVE-2022-24293

 


Published: March 24, 2022


Vulnerability identifier: #VU61597
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-24293
CWE-ID: CWE-121
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro M453 - M454
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429
HP LaserJet Pro MFP M429 F
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8216 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series
Software vendor:
HP Development Company

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in eContactRestore within the address book feature. A remote user on the local network can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
