CVE-2019-18914 | ByteOS Network

Vulnerability Details :

CVE-2019-18914

Assigner-hp

Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2

Published At-09 Nov, 2021 | 14:10

Updated At-05 Aug, 2024 | 02:02

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:hp

Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2

Published At:09 Nov, 2021 | 14:10

Updated At:05 Aug, 2024 | 02:02

▼CVE Numbering Authority (CNA)

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

Affected Products

Vendor

Product

HP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers

Versions

Affected

before FS3: 2309025_582081
before FS3: 2309025_582082
before FS3: 2309025_582083
before FS3: 2309025_582084
before FS3: 2309025_582085
before FS3: 2309025_582086
before FS3: 2309025_582087
before FS3: 2309025_582088
before FS3: 2309025_582089
before FS3: 2309025_582091
before FS3: 2309025_582092
before FS3: 2309025_582093
before FS3: 2309025_582096
before FS3: 2309025_582097
before FS3: 2309025_582098
before FS3: 2309025_582099
before FS3: 2309025_582101
before FS3: 2309025_582102
before FS3: 2309025_582103
before FS3: 2309025_582104
before FS3: 2309025_582105
before FS3: 2309025_582106
before FS3: 2309025_582108
before FS3: 2309025_582110
before FS3: 2309025_582112
before FS3: 2309025_582113
before FS3: 2309025_582114
before FS4: 2410028_055002
before FS4: 2410028_055003
before FS4: 2410028_055004
before FS4: 2410028_055005
before FS4: 2410028_055006
before FS4: 2410028_055007
before FS4: 2410028_055008
...

Problem Types

Type	CWE ID	Description
text	N/A	Cross-Site Scripting

Type: text

CWE ID: N/A

Description: Cross-Site Scripting

References

Hyperlink	Resource
https://support.hp.com/us-en/document/c06546034	x_refsource_MISC

Hyperlink: https://support.hp.com/us-en/document/c06546034

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://support.hp.com/us-en/document/c06546034	x_refsource_MISC x_transferred

Hyperlink: https://support.hp.com/us-en/document/c06546034

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:hp-security-alert@hp.com

Published At:09 Nov, 2021 | 15:15

Updated At:15 Nov, 2021 | 20:07

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

>>futuresmart_3>>Versions before 2309025_582081(exclusive)

cpe:2.3:o:hp:futuresmart_3:*:*:*:*:*:*:*:*

>>laserjet_cm4540_mfp_cc419a>>-

cpe:2.3:h:hp:laserjet_cm4540_mfp_cc419a:-:*:*:*:*:*:*:*

>>laserjet_cm4540_mfp_cc420a>>-

cpe:2.3:h:hp:laserjet_cm4540_mfp_cc420a:-:*:*:*:*:*:*:*

>>laserjet_cm4540_mfp_cc421a>>-

cpe:2.3:h:hp:laserjet_cm4540_mfp_cc421a:-:*:*:*:*:*:*:*

>>futuresmart_3>>Versions before 2309025_582098(exclusive)

cpe:2.3:o:hp:futuresmart_3:*:*:*:*:*:*:*:*

>>futuresmart_4>>Versions before 2410028_055010(exclusive)

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_a2w75a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_a2w75a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_a2w76a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_a2w76a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_d7p70a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_d7p70a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_d7p71a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_d7p71a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_l3u51a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_l3u51a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_flow_mfp_m880z_l3u52a>>-

cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m880z_l3u52a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_a2w75a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_a2w75a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_a2w76a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_a2w76a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_d7p70a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_d7p70a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_d7p71a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_d7p71a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_l3u51a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_l3u51a:-:*:*:*:*:*:*:*

>>laserjet_managed_flow_mfp_m880zm_l3u52a>>-

cpe:2.3:h:hp:laserjet_managed_flow_mfp_m880zm_l3u52a:-:*:*:*:*:*:*:*

>>futuresmart_3>>Versions before 2309025_582089(exclusive)

cpe:2.3:o:hp:futuresmart_3:*:*:*:*:*:*:*:*

>>laserjet_enterprise_m552_b5l23a>>-

cpe:2.3:h:hp:laserjet_enterprise_m552_b5l23a:-:*:*:*:*:*:*:*

>>futuresmart_3>>Versions before 2309025_582089(exclusive)

cpe:2.3:o:hp:futuresmart_3:*:*:*:*:*:*:*:*

>>futuresmart_4>>Versions before 2410028_055028(exclusive)

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_b5l24a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_b5l24a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_b5l25a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_b5l25a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_b5l26a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_b5l26a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_b5l38a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_b5l38a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_b5l39a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_b5l39a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m553_bl27a>>-

cpe:2.3:h:hp:laserjet_enterprise_m553_bl27a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_b5l24a>>-

cpe:2.3:h:hp:laserjet_managed_m553_b5l24a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_b5l25a>>-

cpe:2.3:h:hp:laserjet_managed_m553_b5l25a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_b5l26a>>-

cpe:2.3:h:hp:laserjet_managed_m553_b5l26a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_b5l38a>>-

cpe:2.3:h:hp:laserjet_managed_m553_b5l38a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_b5l39a>>-

cpe:2.3:h:hp:laserjet_managed_m553_b5l39a:-:*:*:*:*:*:*:*

>>laserjet_managed_m553_bl27a>>-

cpe:2.3:h:hp:laserjet_managed_m553_bl27a:-:*:*:*:*:*:*:*

>>futuresmart_3>>Versions before 2309025_582096(exclusive)

cpe:2.3:o:hp:futuresmart_3:*:*:*:*:*:*:*:*

>>futuresmart_4>>Versions before 2410028_055035(exclusive)

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

>>laserjet_enterprise_m651_cz255a>>-

cpe:2.3:h:hp:laserjet_enterprise_m651_cz255a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m651_cz256a>>-

cpe:2.3:h:hp:laserjet_enterprise_m651_cz256a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m651_cz257a>>-

cpe:2.3:h:hp:laserjet_enterprise_m651_cz257a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m651_h0dc9a>>-

cpe:2.3:h:hp:laserjet_enterprise_m651_h0dc9a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m651_l8z07a>>-

cpe:2.3:h:hp:laserjet_enterprise_m651_l8z07a:-:*:*:*:*:*:*:*

>>laserjet_managed_m651_cz255a>>-

cpe:2.3:h:hp:laserjet_managed_m651_cz255a:-:*:*:*:*:*:*:*

>>laserjet_managed_m651_cz256a>>-

cpe:2.3:h:hp:laserjet_managed_m651_cz256a:-:*:*:*:*:*:*:*

>>laserjet_managed_m651_cz257a>>-

cpe:2.3:h:hp:laserjet_managed_m651_cz257a:-:*:*:*:*:*:*:*

>>laserjet_managed_m651_h0dc9a>>-

cpe:2.3:h:hp:laserjet_managed_m651_h0dc9a:-:*:*:*:*:*:*:*

>>laserjet_managed_m651_l8z07a>>-

cpe:2.3:h:hp:laserjet_managed_m651_l8z07a:-:*:*:*:*:*:*:*

>>futuresmart_4>>Versions before 2410028_055034(exclusive)

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

>>laserjet_enterprise_m652_j7z98a>>-

cpe:2.3:h:hp:laserjet_enterprise_m652_j7z98a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m652_j7z99a>>-

cpe:2.3:h:hp:laserjet_enterprise_m652_j7z99a:-:*:*:*:*:*:*:*

>>laserjet_enterprise_m653_j8a04a>>-

cpe:2.3:h:hp:laserjet_enterprise_m653_j8a04a:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.hp.com/us-en/document/c06546034	hp-security-alert@hp.com	Vendor Advisory

Hyperlink: https://support.hp.com/us-en/document/c06546034

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory