CVE-2019-18914 — MEDIUM (6.1)

Q: How severe is CVE-2019-18914?

CVE-2019-18914 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-18914?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Futuresmart 3, Hp Laserjet Cm4540 Mfp Cc419A, Hp Laserjet Cm4540 Mfp Cc420A, Hp Laserjet Cm4540 Mfp Cc421A, Hp Futuresmart 4.

Vulnerability Description

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hp	Futuresmart 3	< 2309025_582081
Hp	Laserjet Cm4540 Mfp Cc419A	-
Hp	Laserjet Cm4540 Mfp Cc420A	-
Hp	Laserjet Cm4540 Mfp Cc421A	-
Hp	Futuresmart 4	< 2410028_055010
Hp	Laserjet Enterprise Flow Mfp M880Z A2W75A	-
Hp	Laserjet Enterprise Flow Mfp M880Z A2W76A	-
Hp	Laserjet Enterprise Flow Mfp M880Z D7P70A	-
Hp	Laserjet Enterprise Flow Mfp M880Z D7P71A	-
Hp	Laserjet Enterprise Flow Mfp M880Z L3U51A	-
Hp	Laserjet Enterprise Flow Mfp M880Z L3U52A	-
Hp	Laserjet Managed Flow Mfp M880Zm A2W75A	-
Hp	Laserjet Managed Flow Mfp M880Zm A2W76A	-
Hp	Laserjet Managed Flow Mfp M880Zm D7P70A	-
Hp	Laserjet Managed Flow Mfp M880Zm D7P71A	-
Hp	Laserjet Managed Flow Mfp M880Zm L3U51A	-
Hp	Laserjet Managed Flow Mfp M880Zm L3U52A	-
Hp	Laserjet Enterprise M552 B5L23A	-
Hp	Laserjet Enterprise M553 B5L24A	-
Hp	Laserjet Enterprise M553 B5L25A	-

Related Weaknesses (CWE)

CWE-79

References

https://support.hp.com/us-en/document/c06546034Vendor Advisory
https://support.hp.com/us-en/document/c06546034Vendor Advisory

FAQ

What is CVE-2019-18914?

CVE-2019-18914 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malici...

How severe is CVE-2019-18914?

CVE-2019-18914 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18914?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Futuresmart 3, Hp Laserjet Cm4540 Mfp Cc419A, Hp Laserjet Cm4540 Mfp Cc420A, Hp Laserjet Cm4540 Mfp Cc421A, Hp Futuresmart 4.