Vulnerability-Lookup

CVE-2019-6327 (GCVE-0-2019-6327)

Vulnerability from cvelistv5 – Published: 2019-06-17 15:55 – Updated: 2024-08-04 20:16

Summary

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Buffer overflow.

Assigner

References

1 reference

URL	Tags
https://support.hp.com/us-en/document/c06356322	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series	Affected: before 20190419 Affected: before 20190426

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/c06356322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 20190419"
            },
            {
              "status": "affected",
              "version": "before 20190426"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-17T15:55:40.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hp.com/us-en/document/c06356322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2019-6327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 20190419"
                          },
                          {
                            "version_value": "before 20190426"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c06356322",
              "refsource": "MISC",
              "url": "https://support.hp.com/us-en/document/c06356322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2019-6327",
    "datePublished": "2019-06-17T15:55:40.000Z",
    "dateReserved": "2019-01-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:24.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-6327",
      "date": "2026-06-29",
      "epss": "0.02374",
      "percentile": "0.81735"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6327\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2019-06-17T16:15:12.793\",\"lastModified\":\"2024-11-21T04:46:25.067\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.\"},{\"lang\":\"es\",\"value\":\"La serie de impresoras multifunci\u00f3n HP Color LaserJet Pro M280-M281 (antes v. 20190419), la serie de impresoras HP LaserJet Pro MFP M28-M31 (antes v. 20190426) puede tener un analizador IPP potencialmente vulnerable a desbordamiento de b\u00fafer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b80a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190419\",\"matchCriteriaId\":\"940197C0-A8CE-4EB6-A236-D2922A4C7EB3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b80a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2438BFD-2D68-4BD1-B620-73FC375B6954\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b83a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190419\",\"matchCriteriaId\":\"3319E22D-9B94-4A71-8F07-7AF89319D002\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b83a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6AC7231-2315-4A74-82C2-61B7D9294B1D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b81a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190419\",\"matchCriteriaId\":\"941953A0-DF67-46F3-95C2-FE0810877719\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b81a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B740E699-B29D-4D74-9D79-1747062CD5B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b82a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190419\",\"matchCriteriaId\":\"A89CAB9C-1158-46DA-8D6C-11CE7AB59301\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b82a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F10866-1F5B-4185-9E5B-F3402C0C1004\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g54a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"493619EC-9535-4EF9-B5F9-A7889C8F289E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g54a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE205B6-B515-4FDF-9C64-A86A6954E589\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g55a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"7541802B-95F6-4703-AEF2-FF385438E1A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g55a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0C283EB-ADEC-41F0-B765-CDFCB42DB638\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s53a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"5F320CEF-ED29-444A-B389-1DD99EA464E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s53a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B75D1D-F710-4B54-BDE8-B067FD0EECB3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s55a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"F3372FD2-8D43-485F-B33A-537EB9A51D2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s55a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5406A3F-EFE9-4A9E-B107-81A267087678\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"73F63E6E-352A-4CEC-BCCB-51040A169FC3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE27F110-5343-4582-8BF0-60FF6D930014\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s54a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20190426\",\"matchCriteriaId\":\"750D1DDB-4769-4C09-A87D-FA087013F36C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s54a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D827857-D80C-4244-930B-043FCE33A749\"}]}]}],\"references\":[{\"url\":\"https://support.hp.com/us-en/document/c06356322\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hp.com/us-en/document/c06356322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2019-02013

Vulnerability from fstec - Published: 31.05.2019

Title

Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vendor

HP Inc.

Software Name

HP LaserJet Pro W2G54A, HP LaserJet Pro W2G55A, HP LaserJet Pro Y5S53A, HP LaserJet Pro Y5S55A, HP LaserJet Pro Y5S50A, HP LaserJet Pro Y5S54A, HP LaserJet Pro M28-M31 MFP Series

Software Version

до 20190426 (HP LaserJet Pro W2G54A), до 20190426 (HP LaserJet Pro W2G55A), до 20190426 (HP LaserJet Pro Y5S53A), до 20190426 (HP LaserJet Pro Y5S55A), до 20190426 (HP LaserJet Pro Y5S50A), до 20190426 (HP LaserJet Pro Y5S54A), до 20190426 (HP LaserJet Pro M28-M31 MFP Series)

Possible Mitigations

Использование рекомендаций: https://support.hp.com/us-en/document/c06356322

Reference

https://support.hp.com/us-en/document/c06356322

CWE

CWE-352

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "HP Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 20190426 (HP LaserJet Pro W2G54A), \u0434\u043e 20190426 (HP LaserJet Pro W2G55A), \u0434\u043e 20190426 (HP LaserJet Pro Y5S53A), \u0434\u043e 20190426 (HP LaserJet Pro Y5S55A), \u0434\u043e 20190426 (HP LaserJet Pro Y5S50A), \u0434\u043e 20190426 (HP LaserJet Pro Y5S54A), \u0434\u043e 20190426 (HP LaserJet Pro M28-M31 MFP Series)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.hp.com/us-en/document/c06356322",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.06.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02013",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6327",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "HP LaserJet Pro W2G54A, HP LaserJet Pro W2G55A, HP LaserJet Pro Y5S53A, HP LaserJet Pro Y5S55A, HP LaserJet Pro Y5S50A, HP LaserJet Pro Y5S54A, HP LaserJet Pro M28-M31 MFP Series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 HP Color LaserJet Pro, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 HP Color LaserJet Pro \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hp.com/us-en/document/c06356322",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

CNVD-2019-23317

Vulnerability from cnvd - Published: 2019-07-18

Title

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series缓冲区溢出漏洞（CNVD-2019-23317）

Description

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series 都是惠普(HP)推出的打印机产品。 HP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419之前版本和HP LaserJet Pro MFP M28-M31 Printer series 20190426之前版本中存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

高

Patch Name

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series缓冲区溢出漏洞（CNVD-2019-23317）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1035

Reference

https://support.hp.com/us-en/document/c06356322

Impacted products

Name
['HP HP Color LaserJet Pro MM Multifunction Printer series <20190419', 'HP HP LaserJet Pro MFP MM Printer series <20190426']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6327",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6327"
    }
  },
  "description": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series \u90fd\u662f\u60e0\u666e(HP)\u63a8\u51fa\u7684\u6253\u5370\u673a\u4ea7\u54c1\u3002\n\nHP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419\u4e4b\u524d\u7248\u672c\u548cHP LaserJet Pro MFP M28-M31 Printer series 20190426\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "discovererName": "Mario Rivas and Daniel Romero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1035",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-23317",
  "openTime": "2019-07-18",
  "patchDescription": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series \u90fd\u662f\u60e0\u666e(HP)\u63a8\u51fa\u7684\u6253\u5370\u673a\u4ea7\u54c1\u3002\r\n\r\nHP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419\u4e4b\u524d\u7248\u672c\u548cHP LaserJet Pro MFP M28-M31 Printer series 20190426\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-23317\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP HP Color LaserJet Pro MM Multifunction Printer series  \u003c20190419",
      "HP HP LaserJet Pro MFP MM Printer series \u003c20190426"
    ]
  },
  "referenceLink": "https://support.hp.com/us-en/document/c06356322",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-28",
  "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-23317\uff09"
}

FKIE_CVE-2019-6327

Vulnerability from fkie_nvd - Published: 2019-06-17 16:15 - Updated: 2026-06-17 02:38

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	hp-security-alert@hp.com	https://support.hp.com/us-en/document/c06356322	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hp.com/us-en/document/c06356322	Vendor Advisory

Impacted products

Vendor	Product	Version
hp	laserjet_pro_m280-m281_t6b80a_firmware	*
hp	laserjet_pro_m280-m281_t6b80a	-
hp	laserjet_pro_m280-m281_t6b83a_firmware	*
hp	laserjet_pro_m280-m281_t6b83a	-
hp	laserjet_pro_m280-m281_t6b81a_firmware	*
hp	laserjet_pro_m280-m281_t6b81a	-
hp	laserjet_pro_m280-m281_t6b82a_firmware	*
hp	laserjet_pro_m280-m281_t6b82a	-
hp	laserjet_pro_mfp_m28-m31_w2g54a_firmware	*
hp	laserjet_pro_mfp_m28-m31_w2g54a	-
hp	laserjet_pro_mfp_m28-m31_w2g55a_firmware	*
hp	laserjet_pro_mfp_m28-m31_w2g55a	-
hp	laserjet_pro_mfp_m28-m31_y5s53a_firmware	*
hp	laserjet_pro_mfp_m28-m31_y5s53a	-
hp	laserjet_pro_mfp_m28-m31_y5s55a_firmware	*
hp	laserjet_pro_mfp_m28-m31_y5s55a	-
hp	laserjet_pro_mfp_m28-m31_y5s50a_firmware	*
hp	laserjet_pro_mfp_m28-m31_y5s50a	-
hp	laserjet_pro_mfp_m28-m31_y5s54a_firmware	*
hp	laserjet_pro_mfp_m28-m31_y5s54a	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 20190419"
            },
            {
              "status": "affected",
              "version": "before 20190426"
            }
          ]
        }
      ],
      "source": "hp-security-alert@hp.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b80a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "940197C0-A8CE-4EB6-A236-D2922A4C7EB3",
              "versionEndExcluding": "20190419",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b80a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2438BFD-2D68-4BD1-B620-73FC375B6954",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b83a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3319E22D-9B94-4A71-8F07-7AF89319D002",
              "versionEndExcluding": "20190419",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b83a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AC7231-2315-4A74-82C2-61B7D9294B1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b81a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "941953A0-DF67-46F3-95C2-FE0810877719",
              "versionEndExcluding": "20190419",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b81a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B740E699-B29D-4D74-9D79-1747062CD5B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b82a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A89CAB9C-1158-46DA-8D6C-11CE7AB59301",
              "versionEndExcluding": "20190419",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b82a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F10866-1F5B-4185-9E5B-F3402C0C1004",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g54a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "493619EC-9535-4EF9-B5F9-A7889C8F289E",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g54a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE205B6-B515-4FDF-9C64-A86A6954E589",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g55a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7541802B-95F6-4703-AEF2-FF385438E1A4",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g55a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C283EB-ADEC-41F0-B765-CDFCB42DB638",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s53a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F320CEF-ED29-444A-B389-1DD99EA464E2",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s53a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B75D1D-F710-4B54-BDE8-B067FD0EECB3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s55a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3372FD2-8D43-485F-B33A-537EB9A51D2E",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s55a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5406A3F-EFE9-4A9E-B107-81A267087678",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s50a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F63E6E-352A-4CEC-BCCB-51040A169FC3",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s50a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE27F110-5343-4582-8BF0-60FF6D930014",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s54a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "750D1DDB-4769-4C09-A87D-FA087013F36C",
              "versionEndExcluding": "20190426",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s54a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D827857-D80C-4244-930B-043FCE33A749",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
    },
    {
      "lang": "es",
      "value": "La serie de impresoras multifunci\u00f3n HP Color LaserJet Pro M280-M281 (antes v. 20190419), la serie de impresoras HP LaserJet Pro MFP M28-M31 (antes v. 20190426) puede tener un analizador IPP potencialmente vulnerable a desbordamiento de b\u00fafer."
    }
  ],
  "id": "CVE-2019-6327",
  "lastModified": "2026-06-17T02:38:59.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-17T16:15:12.793",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/c06356322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/c06356322"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQ4W-87V6-275R

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:58

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-17T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.",
  "id": "GHSA-mq4w-87v6-275r",
  "modified": "2024-04-04T00:58:37Z",
  "published": "2022-05-24T16:48:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6327"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/c06356322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-6327

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6327

Aliases

CVE-2019-6327

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6327",
    "description": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.",
    "id": "GSD-2019-6327"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6327"
      ],
      "details": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.",
      "id": "GSD-2019-6327",
      "modified": "2023-12-13T01:23:49.759153Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2019-6327",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 20190419"
                        },
                        {
                          "version_value": "before 20190426"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer overflow."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hp.com/us-en/document/c06356322",
            "refsource": "MISC",
            "url": "https://support.hp.com/us-en/document/c06356322"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b80a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190419",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b80a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b83a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190419",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b83a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b81a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190419",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b81a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_m280-m281_t6b82a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190419",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_m280-m281_t6b82a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g54a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g54a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_w2g55a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_w2g55a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s53a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s53a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s55a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s55a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s50a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s50a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:laserjet_pro_mfp_m28-m31_y5s54a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20190426",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:laserjet_pro_mfp_m28-m31_y5s54a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2019-6327"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c06356322",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hp.com/us-en/document/c06356322"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-24T13:53Z",
      "publishedDate": "2019-06-17T16:15Z"
    }
  }
}

VAR-201906-0402

Vulnerability from variot - Updated: 2024-11-23 22:06

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A buffer overflow vulnerability exists in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and prior versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. A cross-site scripting vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0402",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "laserjet pro m280-m281 t6b81a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "laserjet pro mfp m28-m31 w2g54a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro m280-m281 t6b82a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "laserjet pro mfp m28-m31 y5s53a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro m280-m281 t6b83a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "laserjet pro mfp m28-m31 w2g55a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro mfp m28-m31 y5s55a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro mfp m28-m31 y5s54a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro mfp m28-m31 y5s50a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro m280-m281 t6b80a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "t6b80a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b81a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b82a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b83a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "w2g54a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "w2g55a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s50a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s53a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s54a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s55a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "color laserjet pro mm multifunction printer series",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "laserjet pro mfp mm printer series",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro mfp m28-m31 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet pro m280-m281 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro mfp m28-m31 printer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "color laserjet pro m280-m281 multifunction printer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20190419"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mario Rivas and Daniel Romero, NCC Group",
    "sources": [
      {
        "db": "BID",
        "id": "108828"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-6327",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6327",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-23317",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6327",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6327",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6327",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6327",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-23317",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-653",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6327",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A buffer overflow vulnerability exists in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and prior versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. A cross-site scripting vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6327",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108828",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "id": "VAR-201906-0402",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:10.683000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "c06356322",
        "trust": 0.8,
        "url": "https://support.hp.com/us-en/document/c06356322"
      },
      {
        "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Buffer Overflow Vulnerability (CNVD-2019-23317)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/169497"
      },
      {
        "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93862"
      },
      {
        "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://support.hp.com/us-en/document/c06356322"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6327"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6327"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
      },
      {
        "trust": 0.3,
        "url": "www.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "BID",
        "id": "108828"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "date": "2019-06-17T16:15:12.793000",
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23317"
      },
      {
        "date": "2019-10-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6327"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "BID",
        "id": "108828"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      },
      {
        "date": "2019-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      },
      {
        "date": "2024-11-21T04:46:25.067000",
        "db": "NVD",
        "id": "CVE-2019-6327"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005536"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-653"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6327 (GCVE-0-2019-6327)

BDU:2019-02013

CNVD-2019-23317

FKIE_CVE-2019-6327

GHSA-MQ4W-87V6-275R

GSD-2019-6327

VAR-201906-0402

Tags

Sightings

Nomenclature