CVE-2024-2301 - Vulnerability Details

Description

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

Published: 2024-05-23

Score: 7.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HP Inc.

Certain HP LaserJet Pro Devices

affected

Version	Status	Constraints
`See HP Security Bulletin reference for affected versions.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:cz181a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz181a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:cz182a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz182a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:cz187a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz187a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:cz183a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz183a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:cz172a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz172a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:cz173a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz173a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:cz176a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz176a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:cz177a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz177a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:cz178a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz178a:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:cz174a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz174a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:cz175a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz175a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:cz184a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz184a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:cz185a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz185a:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:cz186a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz186a:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00743.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940

History

Mon, 26 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp cz172a Hp cz172a Firmware Hp cz173a Hp cz173a Firmware Hp cz174a Hp cz174a Firmware Hp cz175a Hp cz175a Firmware Hp cz176a Hp cz176a Firmware Hp cz177a Hp cz177a Firmware Hp cz178a Hp cz178a Firmware Hp cz181a Hp cz181a Firmware Hp cz182a Hp cz182a Firmware Hp cz183a Hp cz183a Firmware Hp cz184a Hp cz184a Firmware Hp cz185a Hp cz185a Firmware Hp cz186a Hp cz186a Firmware Hp cz187a Hp cz187a Firmware
CPEs		cpe:2.3:h:hp:cz172a:-:::::::* cpe:2.3:h:hp:cz173a:-:::::::* cpe:2.3:h:hp:cz174a:-:::::::* cpe:2.3:h:hp:cz175a:-:::::::* cpe:2.3:h:hp:cz176a:-:::::::* cpe:2.3:h:hp:cz177a:-:::::::* cpe:2.3:h:hp:cz178a:-:::::::* cpe:2.3:h:hp:cz181a:-:::::::* cpe:2.3:h:hp:cz182a:-:::::::* cpe:2.3:h:hp:cz183a:-:::::::* cpe:2.3:h:hp:cz184a:-:::::::* cpe:2.3:h:hp:cz185a:-:::::::* cpe:2.3:h:hp:cz186a:-:::::::* cpe:2.3:h:hp:cz187a:-:::::::* cpe:2.3:o:hp:cz172a_firmware:::::::: cpe:2.3:o:hp:cz173a_firmware:::::::: cpe:2.3:o:hp:cz174a_firmware:::::::: cpe:2.3:o:hp:cz175a_firmware:::::::: cpe:2.3:o:hp:cz176a_firmware:::::::: cpe:2.3:o:hp:cz177a_firmware:::::::: cpe:2.3:o:hp:cz178a_firmware:::::::: cpe:2.3:o:hp:cz181a_firmware:::::::: cpe:2.3:o:hp:cz182a_firmware:::::::: cpe:2.3:o:hp:cz183a_firmware:::::::: cpe:2.3:o:hp:cz184a_firmware:::::::: cpe:2.3:o:hp:cz185a_firmware:::::::: cpe:2.3:o:hp:cz186a_firmware:::::::: cpe:2.3:o:hp:cz187a_firmware::::::::
Vendors & Products		Hp Hp cz172a Hp cz172a Firmware Hp cz173a Hp cz173a Firmware Hp cz174a Hp cz174a Firmware Hp cz175a Hp cz175a Firmware Hp cz176a Hp cz176a Firmware Hp cz177a Hp cz177a Firmware Hp cz178a Hp cz178a Firmware Hp cz181a Hp cz181a Firmware Hp cz182a Hp cz182a Firmware Hp cz183a Hp cz183a Firmware Hp cz184a Hp cz184a Firmware Hp cz185a Hp cz185a Firmware Hp cz186a Hp cz186a Firmware Hp cz187a Hp cz187a Firmware

Fri, 14 Mar 2025 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Hp Cz172a Cz172a Firmware Cz173a Cz173a Firmware Cz174a Cz174a Firmware Cz175a Cz175a Firmware Cz176a Cz176a Firmware Cz177a Cz177a Firmware Cz178a Cz178a Firmware Cz181a Cz181a Firmware Cz182a Cz182a Firmware Cz183a Cz183a Firmware Cz184a Cz184a Firmware Cz185a Cz185a Firmware Cz186a Cz186a Firmware Cz187a Cz187a Firmware

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-05-23T16:53:24.873Z

Updated: 2025-03-14T00:42:36.618Z

Reserved: 2024-03-07T19:37:08.839Z

Link: CVE-2024-2301

Vulnrichment

Updated: 2024-08-01T19:11:53.453Z

NVD

Status : Analyzed

Published: 2024-05-23T17:15:28.810

Modified: 2026-01-26T14:02:48.033

Link: CVE-2024-2301

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object