CVE-2020-28416 — HIGH (7.8)

Q: How severe is CVE-2020-28416?

CVE-2020-28416 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-28416?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Officejet 4650 E6G87A Firmware, Hp Officejet 4650 E6G87A, Hp Officejet 4650 F1H96A Firmware, Hp Officejet 4650 F1H96A, Hp Officejet 4650 F1H96B Firmware.

Vulnerability Description

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Officejet 4650 E6G87A Firmware	< 40.11.1122
Hp	Officejet 4650 E6G87A	-
Hp	Officejet 4650 F1H96A Firmware	< 40.11.1122
Hp	Officejet 4650 F1H96A	-
Hp	Officejet 4650 F1H96B Firmware	< 40.11.1122
Hp	Officejet 4650 F1H96B	-
Hp	Officejet 4650 F1J03A Firmware	< 40.11.1122
Hp	Officejet 4650 F1J03A	-
Hp	Officejet 4650 F1J04A Firmware	< 40.11.1122
Hp	Officejet 4650 F1J04A	-
Hp	Officejet 4650 F9D37A Firmware	< 40.11.1122
Hp	Officejet 4650 F9D37A	-
Hp	Officejet 4650 K9V77A Firmware	< 40.11.1122
Hp	Officejet 4650 K9V77A	-
Hp	Officejet 4650 K9V85B Firmware	< 40.11.1122
Hp	Officejet 4650 K9V85B	-
Hp	Officejet 4651 K9V83B Firmware	< 40.11.1122
Hp	Officejet 4651 K9V83B	-
Hp	Officejet 4652 F1J02A Firmware	< 40.11.1122
Hp	Officejet 4652 F1J02A	-

References

https://support.hp.com/us-en/document/c07051163Vendor Advisory
https://support.hp.com/us-en/document/c07051163Vendor Advisory

FAQ

What is CVE-2020-28416?

CVE-2020-28416 is a vulnerability with a CVSS score of 7.8 (HIGH). HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially...

How severe is CVE-2020-28416?

CVE-2020-28416 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28416?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Officejet 4650 E6G87A Firmware, Hp Officejet 4650 E6G87A, Hp Officejet 4650 F1H96A Firmware, Hp Officejet 4650 F1H96A, Hp Officejet 4650 F1H96B Firmware.