CVE-2020-28419 — HIGH (8.8)

Q: What is CVE-2020-28419?

CVE-2020-28419 is a vulnerability with a CVSS score of 8.8 (HIGH). During installation with certain driver software or application packages an arbitrary code execution could occur.

Q: How severe is CVE-2020-28419?

CVE-2020-28419 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-28419?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Color Laserjet Cm4540 Mfp Firmware, Hp Color Laserjet Cm4540 Mfp Cc419A, Hp Color Laserjet Cm4540 Mfp Cc420A, Hp Color Laserjet Cm4540 Mfp Cc421A, Hp Color Laserjet Enterprise Flow Mfp M880Z Firmware.

Vulnerability Description

During installation with certain driver software or application packages an arbitrary code execution could occur.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Color Laserjet Cm4540 Mfp Firmware	< 61.111.01.9108
Hp	Color Laserjet Cm4540 Mfp Cc419A	-
Hp	Color Laserjet Cm4540 Mfp Cc420A	-
Hp	Color Laserjet Cm4540 Mfp Cc421A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z Firmware	< 11.0.19232.882
Hp	Color Laserjet Enterprise Flow Mfp M880Z A2W75A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z A2W76A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z D7P70A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z D7P71A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z L3U51A	-
Hp	Color Laserjet Enterprise Flow Mfp M880Z L3U52A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm Firmware	< 11.0.19232.882
Hp	Color Laserjet Managed Flow Mfp M880Zm A2W75A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm A2W76A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm D7P70A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm D7P71A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm L3U51A	-
Hp	Color Laserjet Managed Flow Mfp M880Zm L3U52A	-
Hp	Color Laserjet Enterprise M455 Firmware	< 52.1.4899
Hp	Color Laserjet Enterprise M455 3Pz95A	-

References

https://support.hp.com/us-en/document/c07058567Vendor Advisory
https://support.hp.com/us-en/document/c07058567Vendor Advisory

FAQ

What is CVE-2020-28419?

CVE-2020-28419 is a vulnerability with a CVSS score of 8.8 (HIGH). During installation with certain driver software or application packages an arbitrary code execution could occur.

How severe is CVE-2020-28419?

CVE-2020-28419 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28419?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Color Laserjet Cm4540 Mfp Firmware, Hp Color Laserjet Cm4540 Mfp Cc419A, Hp Color Laserjet Cm4540 Mfp Cc420A, Hp Color Laserjet Cm4540 Mfp Cc421A, Hp Color Laserjet Enterprise Flow Mfp M880Z Firmware.