CVE-2023-35176 - Vulnerability Details

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00287.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HP Inc.

HP LaserJet Pro

affected

Version	Status	Constraints
`See HP Security Bulletin reference for affected versions.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a75a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a75a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a76a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a76a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a77a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a77a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a78a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a78a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a79a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a79a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a80a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a80a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a81a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a81a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m478-m479_w1a82a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m478-m479_w1a82a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Hp Subscribe	Laserjet Pro M304-m305 W1a46a Subscribe Laserjet Pro M304-m305 W1a46a Firmware Subscribe Laserjet Pro M304-m305 W1a47a Subscribe Laserjet Pro M304-m305 W1a47a Firmware Subscribe Laserjet Pro M304-m305 W1a48a Subscribe Laserjet Pro M304-m305 W1a48a Firmware Subscribe Laserjet Pro M304-m305 W1a66a Subscribe Laserjet Pro M304-m305 W1a66a Firmware Subscribe Laserjet Pro M404-m405 93m22a Subscribe Laserjet Pro M404-m405 93m22a Firmware Subscribe Laserjet Pro M404-m405 W1a51a Subscribe Laserjet Pro M404-m405 W1a51a Firmware Subscribe Laserjet Pro M404-m405 W1a52a Subscribe Laserjet Pro M404-m405 W1a52a Firmware Subscribe Laserjet Pro M404-m405 W1a53a Subscribe Laserjet Pro M404-m405 W1a53a Firmware Subscribe Laserjet Pro M404-m405 W1a56a Subscribe Laserjet Pro M404-m405 W1a56a Firmware Subscribe Laserjet Pro M404-m405 W1a57a Subscribe Laserjet Pro M404-m405 W1a57a Firmware Subscribe Laserjet Pro M404-m405 W1a58a Subscribe Laserjet Pro M404-m405 W1a58a Firmware Subscribe Laserjet Pro M404-m405 W1a59a Subscribe Laserjet Pro M404-m405 W1a59a Firmware Subscribe Laserjet Pro M404-m405 W1a60a Subscribe Laserjet Pro M404-m405 W1a60a Firmware Subscribe Laserjet Pro M404-m405 W1a63a Subscribe Laserjet Pro M404-m405 W1a63a Firmware Subscribe Laserjet Pro M453-m454 W1y40a Subscribe Laserjet Pro M453-m454 W1y40a Firmware Subscribe Laserjet Pro M453-m454 W1y41a Subscribe Laserjet Pro M453-m454 W1y41a Firmware Subscribe Laserjet Pro M453-m454 W1y43a Subscribe Laserjet Pro M453-m454 W1y43a Firmware Subscribe Laserjet Pro M453-m454 W1y44a Subscribe Laserjet Pro M453-m454 W1y44a Firmware Subscribe Laserjet Pro M453-m454 W1y45a Subscribe Laserjet Pro M453-m454 W1y45a Firmware Subscribe Laserjet Pro M453-m454 W1y46a Subscribe Laserjet Pro M453-m454 W1y46a Firmware Subscribe Laserjet Pro M453-m454 W1y47a Subscribe Laserjet Pro M453-m454 W1y47a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a29a Subscribe Laserjet Pro Mfp M428-m429 F W1a29a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a30a Subscribe Laserjet Pro Mfp M428-m429 F W1a30a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a32a Subscribe Laserjet Pro Mfp M428-m429 F W1a32a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a34a Subscribe Laserjet Pro Mfp M428-m429 F W1a34a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a35a Subscribe Laserjet Pro Mfp M428-m429 F W1a35a Firmware Subscribe Laserjet Pro Mfp M428-m429 F W1a38a Subscribe Laserjet Pro Mfp M428-m429 F W1a38a Firmware Subscribe Laserjet Pro Mfp M428-m429 W1a28a Subscribe Laserjet Pro Mfp M428-m429 W1a28a Firmware Subscribe Laserjet Pro Mfp M428-m429 W1a31a Subscribe Laserjet Pro Mfp M428-m429 W1a31a Firmware Subscribe Laserjet Pro Mfp M428-m429 W1a33a Subscribe Laserjet Pro Mfp M428-m429 W1a33a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a75a Subscribe Laserjet Pro Mfp M478-m479 W1a75a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a76a Subscribe Laserjet Pro Mfp M478-m479 W1a76a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a77a Subscribe Laserjet Pro Mfp M478-m479 W1a77a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a78a Subscribe Laserjet Pro Mfp M478-m479 W1a78a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a79a Subscribe Laserjet Pro Mfp M478-m479 W1a79a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a80a Subscribe Laserjet Pro Mfp M478-m479 W1a80a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a81a Subscribe Laserjet Pro Mfp M478-m479 W1a81a Firmware Subscribe Laserjet Pro Mfp M478-m479 W1a82a Subscribe Laserjet Pro Mfp M478-m479 W1a82a Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-39179	Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852

History

Wed, 04 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2023-06-30T15:44:41.868Z

Updated: 2024-12-04T17:02:44.165Z

Reserved: 2023-06-14T15:14:52.289Z

Link: CVE-2023-35176

Vulnrichment

Updated: 2024-08-02T16:23:59.364Z

NVD

Status : Modified

Published: 2023-06-30T16:15:09.687

Modified: 2024-11-21T08:08:05.853

Link: CVE-2023-35176

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object