9.8
CVE-2023-35175
- EPSS 2.04%
- Published 30.06.2023 16:15:09
- Last modified 21.11.2024 08:08:05
- Source hp-security-alert@hp.com
- Teams watchlist Login
- Open Login
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
Data is provided by the National Vulnerability Database (NVD)
Hp ≫ Laserjet Pro Mfp M478-m479 W1a75a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a76a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a77a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a78a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a79a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a80a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a81a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M478-m479 W1a82a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y40a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y41a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y43a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y44a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y45a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y46a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M453-m454 W1y47a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M304-m305 W1a46a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M304-m305 W1a47a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M304-m305 W1a48a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M304-m305 W1a66a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 93m22a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a51a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a52a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a53a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a56a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a57a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a58a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a59a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a60a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro M404-m405 W1a63a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a29a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a30a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a32a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a34a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a35a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 F W1a38a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 W1a28a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 W1a31a Firmware Version < 002_2322c
Hp ≫ Laserjet Pro Mfp M428-m429 W1a33a Firmware Version < 002_2322c
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.04% | 0.829 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.