CVE-2019-6318
CRITICALHP Color LaserJet CM4540 MFP < 2309010_581401 - Arbitrary Code Execution
Title source: llmDescription
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hp.com/us-en/document/c06265454
Scores
CVSS v3
9.8
EPSS
0.0154
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-347
Status
published
Products (50)
hp/color_laserjet_cm4540_mfp_firmware
< 2309010_581401
hp/color_laserjet_enterprise_cp5525_firmware
< 2309010_581402
hp/color_laserjet_enterprise_flow_mfp_m577_firmware
< 2309010_581408
hp/color_laserjet_enterprise_flow_mfp_m680_firmware
< 2309010_581416
hp/color_laserjet_enterprise_flow_mfp_m681_firmware
< 2407081_000578
hp/color_laserjet_enterprise_flow_mfp_m682_firmware
< 2407081_000578
hp/color_laserjet_enterprise_flow_mfp_m880z_firmware
< 2309010_581433
hp/color_laserjet_enterprise_m552_firmware
< 2309010_581409
hp/color_laserjet_enterprise_m553_firmware
< 2309010_581409
hp/color_laserjet_enterprise_m651_firmware
< 2309010_581418
... and 40 more
Published
Apr 11, 2019
Tracked Since
Feb 18, 2026