cvelistv5 - cve-2022-24291

CVE-2022-24291 (GCVE-0-2022-24291)

Vulnerability from cvelistv5

Published

2022-03-23 19:46

Modified

2024-08-03 04:07

Severity ?

CWE

Information disclosure, Denial of service, Buffer overflow

Summary

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.

References

URL

Tags

https://support.hp.com/us-en/document/ish_5950417-5950443-16

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers	Version: before 002_2208A Version: before 2205D Version: before 001.2210B Version: before 001.2207C

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:07:02.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 002_2208A"
            },
            {
              "status": "affected",
              "version": "before 2205D"
            },
            {
              "status": "affected",
              "version": "before 001.2210B"
            },
            {
              "status": "affected",
              "version": "before 001.2207C"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure, Denial of service, Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-23T19:46:18.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2022-24291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 002_2208A"
                          },
                          {
                            "version_value": "before 2205D"
                          },
                          {
                            "version_value": "before 001.2210B"
                          },
                          {
                            "version_value": "before 001.2207C"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure, Denial of service, Buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/ish_5950417-5950443-16",
              "refsource": "MISC",
              "url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2022-24291",
    "datePublished": "2022-03-23T19:46:18.000Z",
    "dateReserved": "2022-02-01T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:07:02.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-268

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits HP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP PageWide Pro 477dw Multifunction Printer series versions antérieures à 2205D
N/A	N/A	HP PageWide Pro 552dw Printer series versions antérieures à 2205D
N/A	N/A	HP LaserJet Pro MFP M428, M429 F versions antérieures à 002_2208A
N/A	N/A	HP LaserJet Pro M404, M405 versions antérieures à 002_2208A
N/A	N/A	HP PageWide 377dw Multifunction Printer versions antérieures à 2205D
N/A	N/A	HP Color LaserJet Pro MFP M2XX
N/A	N/A	HP OfficeJet Pro 8210 Printer series versions antérieures à 001.2210B
N/A	N/A	HP PageWide Pro 452dn Printer series versions antérieures à 2205D
N/A	N/A	HP Color LaserJet Pro M453 - M454 versions antérieures à 002_2208A
N/A	N/A	HP PageWide 352dw Printer versions antérieures à 2205D
N/A	N/A	HP OfficeJet Pro 8216 Printer series versions antérieures à 001.2210B
N/A	N/A	HP PageWide Pro 577 Multifunction Printer series versions antérieures à 2205D
N/A	N/A	HP LaserJet Pro M304, M305 versions antérieures à 002_2208A
N/A	N/A	HP OfficeJet Pro 8730 All-in-One Printer versions antérieures à 001.2210B
N/A	N/A	HP LaserJet Pro MFP M428, M429 versions antérieures à 002_2208A
N/A	N/A	HP PageWide Pro 477dn Multifunction Printer series versions antérieures à 2205D
N/A	N/A	HP PageWide Managed P55250dw Printer series versions antérieures à 2205D
N/A	N/A	HP PageWide Managed P57750dw Multifunction Printer versions antérieures à 2205D
N/A	N/A	HP OfficeJet Pro 8740 All-in-One Printer series versions antérieures à 001.2210B
N/A	N/A	HP Color LaserJet Pro MFP M478, M479 versions antérieures à 002_2208A
N/A	N/A	HP PageWide Pro 452dw Printer series versions antérieures à 2205D

References

Title

Publication Time

Tags

Bulletin de sécurité HP hpsbpi03781 du 21 mars 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP PageWide Pro 477dw Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 552dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro MFP M428, M429 F versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro M404, M405 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide 377dw Multifunction Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro MFP M2XX",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8210 Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 452dn Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro M453 - M454 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide 352dw Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8216 Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 577 Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro M304, M305 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8730 All-in-One Printer versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro MFP M428, M429 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 477dn Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Managed P55250dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Managed P57750dw Multifunction Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8740 All-in-One Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro MFP M478, M479 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 452dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24292"
    },
    {
      "name": "CVE-2022-24291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24291"
    },
    {
      "name": "CVE-2022-24293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24293"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-268",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP hpsbpi03781 du 21 mars 2022",
      "url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16/hpsbpi03781"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-24291 (GCVE-0-2022-24291)

Vulnerability from cvelistv5

CERTFR-2022-AVI-268

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature