ID

VAR-201906-0401


CVE

CVE-2019-6326


TITLE

HP Color LaserJet Pro M280-M281 and MFP M28-M31 Multifunction Printer Series buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005535

DESCRIPTION

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow. HP Color LaserJet Pro M280-M281 Multifunction Printer series and HP LaserJet Pro MFP M28-M31 Printer series are HP printer products. A buffer overflow vulnerability exists in HP Color LaserJet Pro M280-M281 Multifunction Printer series versions prior to 20190419 and HP LaserJet Pro MFP M28-M31 Printer series versions prior to 20190426. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

1. A cross-site scripting vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. Multiple buffer-overflow vulnerabilities

An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context of the affected device

Trust: 2.52

sources: NVD: CVE-2019-6326 // JVNDB: JVNDB-2019-005535 // CNVD: CNVD-2019-23316 // BID: 108828 // VULMON: CVE-2019-6326

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23316

AFFECTED PRODUCTS

vendor: hp, model: y5s53a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hp, model: t6b80a, scope: lt, version: 2019-04-19

Trust: 1.0

vendor: hp, model: y5s55a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hp, model: w2g54a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hp, model: t6b82a, scope: lt, version: 2019-04-19

Trust: 1.0

vendor: hp, model: y5s54a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hp, model: w2g55a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hp, model: t6b81a, scope: lt, version: 2019-04-19

Trust: 1.0

vendor: hp, model: t6b83a, scope: lt, version: 2019-04-19

Trust: 1.0

vendor: hp, model: y5s50a, scope: lt, version: 2019-04-26

Trust: 1.0

vendor: hewlett packard, model: t6b80a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: t6b81a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: t6b82a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: t6b83a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: w2g54a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: w2g55a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: y5s50a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: y5s53a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: y5s54a, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: y5s55a, scope: -, version: -

Trust: 0.8

vendor: hp, model: color laserjet pro mm multifunction printer series, scope: lt, version: 20190419

Trust: 0.6

vendor: hp, model: laserjet pro mfp mm printer series, scope: lt, version: 20190426

Trust: 0.6

vendor: hp, model: laserjet pro mfp m28-m31 printer, scope: eq, version: 0

Trust: 0.3

vendor: hp, model: color laserjet pro m280-m281 multifunction printer, scope: eq, version: 0

Trust: 0.3

vendor: hp, model: laserjet pro mfp m28-m31 printer, scope: ne, version: 20190426

Trust: 0.3

vendor: hp, model: color laserjet pro m280-m281 multifunction printer, scope: ne, version: 20190419

sources: CNVD: CNVD-2019-23316 // BID: 108828 // JVNDB: JVNDB-2019-005535 // NVD: CVE-2019-6326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6326
value: HIGH

Trust: 1.0

NVD: CVE-2019-6326
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-23316
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-651
value: HIGH

Trust: 0.6

VULMON: CVE-2019-6326
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6326
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-23316
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6326
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-23316 // VULMON: CVE-2019-6326 // JVNDB: JVNDB-2019-005535 // CNNVD: CNNVD-201906-651 // NVD: CVE-2019-6326

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-005535 // NVD: CVE-2019-6326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-651

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005535

PATCH

title: c06356322
url: https://support.hp.com/us-en/document/c06356322

Trust: 0.8

title: Patch for HP Color LaserJet Pro M280-M281 Multifunction Printer series and HP LaserJet Pro MFP M28-M31 Printer series Buffer Overflow Vulnerability (CNVD-2019-23316)
url: https://www.cnvd.org.cn/patchInfo/show/169501

Trust: 0.6

title: HP Color LaserJet Pro M280-M281 Multifunction Printer series and HP LaserJet Pro MFP M28-M31 Printer series Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93860

Trust: 0.6

title: HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03619

Trust: 0.1

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=ba64aca578c0d92038b9ebc28339506c

Trust: 0.1

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=cdb96be2e472163f1a304e2ae979d5f4

Trust: 0.1

title: Threatpost
url: https://threatpost.com/office-printers-hackers-open-door/147083/

Trust: 0.1

sources: CNVD: CNVD-2019-23316 // VULMON: CVE-2019-6326 // JVNDB: JVNDB-2019-005535 // CNNVD: CNNVD-201906-651

EXTERNAL IDS

db: NVD, id: CVE-2019-6326

Trust: 3.4

db: JVNDB, id: JVNDB-2019-005535

Trust: 0.8

db: CNVD, id: CNVD-2019-23316

Trust: 0.6

db: CNNVD, id: CNNVD-201906-651

Trust: 0.6

db: BID, id: 108828

Trust: 0.3

db: VULMON, id: CVE-2019-6326

Trust: 0.1

sources: CNVD: CNVD-2019-23316 // VULMON: CVE-2019-6326 // BID: 108828 // JVNDB: JVNDB-2019-005535 // CNNVD: CNNVD-201906-651 // NVD: CVE-2019-6326

REFERENCES

url: https://support.hp.com/us-en/document/c06356322

Trust: 2.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6326

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6326

Trust: 0.8

url: https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557

Trust: 0.6

url: www.hp.com

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/office-printers-hackers-open-door/147083/

Trust: 0.1

sources: CNVD: CNVD-2019-23316 // VULMON: CVE-2019-6326 // BID: 108828 // JVNDB: JVNDB-2019-005535 // CNNVD: CNNVD-201906-651 // NVD: CVE-2019-6326

CREDITS

Mario Rivas and Daniel Romero, NCC Group

Trust: 0.3

sources: BID: 108828

SOURCES

db: CNVD, id: CNVD-2019-23316
db: VULMON, id: CVE-2019-6326
db: BID, id: 108828
db: JVNDB, id: JVNDB-2019-005535
db: CNNVD, id: CNNVD-201906-651
db: NVD, id: CVE-2019-6326

LAST UPDATE DATE

2024-11-23T22:06:10.717000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-23316, date: 2019-07-19T00:00:00
db: VULMON, id: CVE-2019-6326, date: 2019-06-18T00:00:00
db: BID, id: 108828, date: 2019-05-31T00:00:00
db: JVNDB, id: JVNDB-2019-005535, date: 2019-06-21T00:00:00
db: CNNVD, id: CNNVD-201906-651, date: 2019-07-02T00:00:00
db: NVD, id: CVE-2019-6326, date: 2024-11-21T04:46:24.950

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-23316, date: 2019-07-18T00:00:00
db: VULMON, id: CVE-2019-6326, date: 2019-06-17T00:00:00
db: BID, id: 108828, date: 2019-05-31T00:00:00
db: JVNDB, id: JVNDB-2019-005535, date: 2019-06-21T00:00:00
db: CNNVD, id: CNNVD-201906-651, date: 2019-06-17T00:00:00
db: NVD, id: CVE-2019-6326, date: 2019-06-17T16:15:12.747