Vulnerability CVE-2018-5923

Vulnerability CVE-2018-5923

Published: 2019-03-27

Description:

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

Type:

CWE-347

(Improper Verification of Cryptographic Signature)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
HP -> Laserjet enterprise color flow mfp m575c firmware
HP -> Laserjet enterprise m608x firmware
HP -> Laserjet managed e60065x firmware
HP -> Laserjet managed mfp e62565hs firmware
HP -> Pagewide enterprise color mpf 780f firmware
HP -> Pagewide managed color mfp e77650dns firmware
HP -> Color laserjet managed e65060dn firmware
HP -> Color laserjet managed mfp e77830dn firmware
HP -> Laserjet enterprise flow m830z mfp firmware
HP -> Laserjet enterprise m609dh firmware
HP -> Laserjet managed e60075dn firmware
HP -> Laserjet managed mfp e72525 firmware
HP -> Pagewide enterprise color mpf 785f firmware
HP -> Scanjet enterprise 8500 document capture workstation firmware
HP -> Color laserjet cm4540 mfp firmware
HP -> Color laserjet managed flow mfp e57540c firmware
HP -> Color laserjet managed mfp e87640 firmware
HP -> Laserjet enterprise flow mfp m525c firmware
HP -> Laserjet enterprise m609dn firmware
HP -> Laserjet managed e60075x firmware
HP -> Laserjet managed mfp e72530 firmware
HP -> Pagewide enterprise color mpf 785zs firmware
HP -> Scanjet enterprise flow n9120 document flatbed scanner firmware
HP -> Color laserjet cp5525 firmware
HP -> Color laserjet managed flow mfp e57540dn firmware
HP -> Color laserjet managed mfp e87640dn firmware
HP -> Laserjet enterprise flow mfp m630z firmware
HP -> Laserjet enterprise m609x firmware
HP -> Laserjet managed flow mfp e52545c firmware
HP -> Laserjet managed mfp e72535dn firmware
HP -> Pagewide enterprise color x556dn firmware
HP -> Color laserjet enterprise flow mfp m681f firmware
HP -> Color laserjet managed flow mfp e67550f firmware
HP -> Color laserjet managed mfp e87650 firmware
HP -> Laserjet enterprise flow mfp m631h firmware
HP -> Laserjet enterprise m806 firmware
HP -> Laserjet managed flow mfp e62555dn firmware
HP -> Laserjet managed mfp e82540 firmware
HP -> Pagewide enterprise color x556xh firmware
HP -> Color laserjet enterprise m552 firmware
HP -> Color laserjet managed flow mfp e67560z firmware
HP -> Color laserjet managed mfp e87660dn firmware
HP -> Laserjet enterprise flow mfp m632z firmware
HP -> Laserjet enterprise mfp m527 firmware
HP -> Laserjet managed flow mfp e62565h firmware
HP -> Laserjet managed mfp e82550 firmware
HP -> Pagewide managed color e55650dn firmware
HP -> Color laserjet enterprise m553 firmware
HP -> Color laserjet managed flow mfp e77822 firmware
HP -> Digital sender flow 8500 fn2 document capture workstation firmware
HP -> Laserjet enterprise flow mfp m633z firmware
HP -> Laserjet enterprise mfp m630 firmware
HP -> Laserjet managed flow mfp e62565z firmware
HP -> Laserjet managed mfp e82560dn firmware
HP -> Pagewide managed color e75160dn firmware
HP -> Color laserjet enterprise m651 firmware
HP -> Color laserjet managed flow mfp e77825 firmware
HP -> Hp laserjet enterprise 700 color mfp m775 firmware
HP -> Laserjet enterprise m4555 mfp firmware
HP -> Laserjet enterprise mfp m631dn firmware
HP -> Laserjet managed flow mfp e62575z firmware
HP -> Officejet enterprise color flow mfp x585 firmware
HP -> Pagewide managed color flow mfp e58650z firmware
HP -> Color laserjet enterprise m652n firmware
HP -> Color laserjet managed flow mfp e77830z firmware
HP -> Laserjet enterprise 500 color mfp m575dn firmware
HP -> Laserjet enterprise m506 firmware
HP -> Laserjet enterprise mfp m631z firmware
HP -> Laserjet managed flow mfp e72525 firmware
HP -> Officejet enterprise color mfp x585 firmware
HP -> Pagewide managed color flow mfp e77650z firmware
HP -> Color laserjet enterprise m653dn firmware
HP -> Color laserjet managed flow mfp e8760z firmware
HP -> Laserjet enterprise 500 mfp m525f firmware
HP -> Laserjet enterprise m604 firmware
HP -> Laserjet enterprise mfp m632fht firmware
HP -> Laserjet managed flow mfp e72530 firmware
HP -> Officejet enterprise color x555dn firmware
HP -> Pagewide managed color flow mfp e77650zs firmware
HP -> Color laserjet enterprise m750 firmware
HP -> Color laserjet managed flow mfp e87640 firmware
HP -> Laserjet enterprise 600 m601 firmware
HP -> Laserjet enterprise m605 firmware
HP -> Laserjet enterprise mfp m632h firmware
HP -> Laserjet managed flow mfp e72535z firmware
HP -> Officejet enterprise color x555xh firmware
HP -> Pagewide managed color flow mfp e77660dn firmware
HP -> Color laserjet enterprise mfp m577 firmware
HP -> Color laserjet managed flow mfp e87640z firmware
HP -> Laserjet enterprise 600 m602 firmware
HP -> Laserjet enterprise m606 firmware
HP -> Laserjet enterprise mfp m633fh firmware
HP -> Laserjet managed flow mfp e82540 firmware
HP -> Pagewide enterprise color 765dn firmware
HP -> Pagewide managed color flow mfp e77660z firmware
HP -> Color laserjet enterprise mfp m681dh firmware
HP -> Color laserjet managed flow mfp e87650 firmware
HP -> Laserjet enterprise 600 m603xh firmware
HP -> Laserjet enterprise m607n firmware
HP -> Laserjet enterprise mfp m725 firmware

References:

https://support.hp.com/us-en/document/c06169434

Vulnerability CVE-2018-5923

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

CWE-347

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: