CVE-2023-35176 — HIGH (8.8)

Q: What is CVE-2023-35176?

CVE-2023-35176 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

Q: How severe is CVE-2023-35176?

CVE-2023-35176 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-35176?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Laserjet Pro Mfp M478-M479 W1A75A Firmware, Hp Laserjet Pro Mfp M478-M479 W1A75A, Hp Laserjet Pro Mfp M478-M479 W1A76A Firmware, Hp Laserjet Pro Mfp M478-M479 W1A76A, Hp Laserjet Pro Mfp M478-M479 W1A77A Firmware.

Vulnerability Description

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Laserjet Pro Mfp M478-M479 W1A75A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A75A	-
Hp	Laserjet Pro Mfp M478-M479 W1A76A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A76A	-
Hp	Laserjet Pro Mfp M478-M479 W1A77A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A77A	-
Hp	Laserjet Pro Mfp M478-M479 W1A78A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A78A	-
Hp	Laserjet Pro Mfp M478-M479 W1A79A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A79A	-
Hp	Laserjet Pro Mfp M478-M479 W1A80A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A80A	-
Hp	Laserjet Pro Mfp M478-M479 W1A81A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A81A	-
Hp	Laserjet Pro Mfp M478-M479 W1A82A Firmware	< 002_2322c
Hp	Laserjet Pro Mfp M478-M479 W1A82A	-
Hp	Laserjet Pro M453-M454 W1Y40A Firmware	< 002_2322c
Hp	Laserjet Pro M453-M454 W1Y40A	-
Hp	Laserjet Pro M453-M454 W1Y41A Firmware	< 002_2322c
Hp	Laserjet Pro M453-M454 W1Y41A	-

Related Weaknesses (CWE)

CWE-120

References

https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852Vendor Advisory
https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852Vendor Advisory

FAQ

What is CVE-2023-35176?

CVE-2023-35176 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

How severe is CVE-2023-35176?

CVE-2023-35176 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-35176?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Laserjet Pro Mfp M478-M479 W1A75A Firmware, Hp Laserjet Pro Mfp M478-M479 W1A75A, Hp Laserjet Pro Mfp M478-M479 W1A76A Firmware, Hp Laserjet Pro Mfp M478-M479 W1A76A, Hp Laserjet Pro Mfp M478-M479 W1A77A Firmware.