CVE-2019-18912

A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.hp.com/us-en/document/c06513924	Vendor Advisory
https://support.hp.com/us-en/document/c06513924	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_enterprise_m507_1pv86a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m507_1pv87a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m507_1pv89a:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_enterprise_m607_k0q14a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m607_k0q15a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m608_k0q17a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m608_k0q18a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m608_k0q19a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m609_k0q20a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m609_k0q21a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m609_k0q22a:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_enterprise_m806_cz244a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_m806_cz245a:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a78v:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a79a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a80a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a76a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a77a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a81a:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv64a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv65a:-:::::::*
	cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv67a:-:::::::*

History

21 Nov 2024, 04:33

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/c06513924 - Vendor Advisory~~	() https://support.hp.com/us-en/document/c06513924 - Vendor Advisory

Information

Published : 2021-11-09 15:15

Updated : 2024-11-21 04:33

NVD link : CVE-2019-18912

Mitre link : CVE-2019-18912

CVE.ORG link : CVE-2019-18912

JSON object : View

Products Affected

hp

laserjet_enterprise_m507_1pv89a
futuresmart_4
laserjet_enterprise_m609_k0q22a
laserjet_enterprise_m806_cz244a
laserjet_enterprise_mfp_m528_1pv64a
laserjet_enterprise_m806_cz245a
laserjet_enterprise_mfp_m527_f2a81a
laserjet_enterprise_m507_1pv86a
laserjet_enterprise_mfp_m527_f2a76a
laserjet_enterprise_flow_mfp_m527_f2a79a
laserjet_enterprise_m608_k0q17a
laserjet_enterprise_m607_k0q14a
laserjet_enterprise_m609_k0q21a
laserjet_enterprise_flow_mfp_m527_f2a80a
laserjet_enterprise_m507_1pv87a
laserjet_enterprise_mfp_m527_f2a77a
laserjet_enterprise_mfp_m528_1pv67a
laserjet_enterprise_m607_k0q15a
laserjet_enterprise_m609_k0q20a
laserjet_enterprise_mfp_m528_1pv65a
laserjet_enterprise_m608_k0q18a
laserjet_enterprise_flow_mfp_m527_f2a78v
laserjet_enterprise_m608_k0q19a

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-18912", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-11-09T15:15:08.563", "references": [{"url": "https://support.hp.com/us-en/document/c06513924", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://support.hp.com/us-en/document/c06513924", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution."}, {"lang": "es", "value": "Se ha identificado una potencial vulnerabilidad de seguridad para determinadas impresoras y MFPs de HP con soluciones Troy. Para las impresoras afectadas con la versi\u00f3n 4.9 o 4.9.0.1 del paquete de firmware FutureSmart, una posible vulnerabilidad puede causar inestabilidad en la soluci\u00f3n"}], "lastModified": "2024-11-21T04:33:49.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B040E6F-1416-4499-B1FA-D3A69003DB7C", "versionEndExcluding": "2409065_000092"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m507_1pv86a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B94F4583-CC33-4350-B996-D1E238EEF0A9"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m507_1pv87a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5EF8EDF-5AA7-4E5A-AEFF-D8B2AB8BA971"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m507_1pv89a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA4CADC9-B0BD-422E-A6C0-21ADD984A605"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D70CA7F7-03A4-4E09-90E0-1864465108F0", "versionEndExcluding": "2409065_000063"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m607_k0q14a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04408A7B-DD5A-4DA2-8A05-AD0A9C0362F6"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m607_k0q15a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B9A9453-C822-4343-8550-C3D82A5DE3FE"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m608_k0q17a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD70DE1F-3D25-46BC-8481-5FCC3583E12C"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m608_k0q18a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFBCB99F-A0B3-4C7D-A40F-0168AEB833FC"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m608_k0q19a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85C609A0-A5F5-4D24-A4FA-399952AA2CB7"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m609_k0q20a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4926D9A-7E6B-46F7-9F9B-34ECC6098630"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m609_k0q21a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75B7FD81-821D-4FAE-9719-4A1A3C7716C2"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m609_k0q22a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A724AFD-FB55-40E7-B674-9C7584509066"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E99801AA-CCC4-4AC2-BE7E-86D3B3D7D7BB", "versionEndExcluding": "2409065_000082"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m806_cz244a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C4E64018-F243-4AE3-911A-97EA6A918A70"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m806_cz245a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "951EB1DE-8403-4C39-8F3D-4AC53503DDEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AEC96A-F991-481F-B873-B451444F75E0", "versionEndExcluding": "2409065_000073"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a78v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "094971DF-462D-4780-A102-0ABE67B68DDE"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a79a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D5C5FAF-B8CA-4492-9990-EE4619C847A4"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_flow_mfp_m527_f2a80a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F97483D-B34F-43A4-A86C-38C88FC7BE23"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a76a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0AE3B23F-AB99-42C6-A2B7-0FE72CBBC871"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a77a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "656A3546-E613-4A99-95D1-2B07E8F8B53B"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m527_f2a81a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDB1F15F-E4FE-4779-BA31-8BF3384B7259"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:futuresmart_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FFCD35A-7C43-45B2-9F02-A37231D23516", "versionEndExcluding": "2409065_000054"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv64a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01BFA169-42BD-4FDD-8FFC-C1F26EB560A1"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv65a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27D361F3-AA12-41EC-A767-0CD30015E965"}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_mfp_m528_1pv67a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8BC2BEDE-6C53-4A56-AAD8-1D640A23A464"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}