CVE-2023-26301

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra87f:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra87f_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra88f:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra88f_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra89a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra89a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh48a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh48a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh51a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh51a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh52a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh52a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh53a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh53a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh59a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh59a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra80f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra80f:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra81f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra81f:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra82f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra82f:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra83f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra83f:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra84f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra84f:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh64f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh64f:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh65a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh65a:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh66a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh66a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh67a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh67a:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh72a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh72a:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh73a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh73a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-21 17:15

Updated : 2023-07-31 17:29

NVD link : CVE-2023-26301

Mitre link : CVE-2023-26301

CVE.ORG link : CVE-2023-26301

JSON object : View

Products Affected

color_laserjet_pro_mfp_4301-4303_5hh66a
color_laserjet_pro_mfp_4301-4303_4ra82f_firmware
color_laserjet_pro_mfp_4301-4303_4ra82f
color_laserjet_pro_mfp_4301-4303_4ra83f
color_laserjet_pro_mfp_4301-4303_5hh65a_firmware
color_laserjet_pro_mfp_4301-4303_5hh73a
color_laserjet_pro_mfp_4301-4303_5hh73a_firmware
color_laserjet_pro_4201-4203_5hh52a
color_laserjet_pro_mfp_4301-4303_4ra80f_firmware
color_laserjet_pro_mfp_4301-4303_5hh67a
color_laserjet_pro_4201-4203_4ra89a_firmware
color_laserjet_pro_mfp_4301-4303_4ra81f_firmware
color_laserjet_pro_4201-4203_5hh52a_firmware
color_laserjet_pro_4201-4203_4ra88f
color_laserjet_pro_4201-4203_5hh48a
color_laserjet_pro_mfp_4301-4303_4ra84f_firmware
color_laserjet_pro_mfp_4301-4303_5hh64f
color_laserjet_pro_mfp_4301-4303_5hh67a_firmware
color_laserjet_pro_4201-4203_5hh53a_firmware
color_laserjet_pro_4201-4203_4ra87f
color_laserjet_pro_4201-4203_5hh59a_firmware
color_laserjet_pro_mfp_4301-4303_5hh65a
color_laserjet_pro_mfp_4301-4303_4ra84f
color_laserjet_pro_4201-4203_4ra88f_firmware
color_laserjet_pro_4201-4203_5hh51a_firmware
color_laserjet_pro_mfp_4301-4303_4ra81f
color_laserjet_pro_mfp_4301-4303_5hh66a_firmware
color_laserjet_pro_4201-4203_4ra89a
color_laserjet_pro_4201-4203_5hh48a_firmware
color_laserjet_pro_mfp_4301-4303_4ra83f_firmware
color_laserjet_pro_mfp_4301-4303_5hh72a_firmware
color_laserjet_pro_4201-4203_5hh51a
color_laserjet_pro_mfp_4301-4303_4ra80f
color_laserjet_pro_4201-4203_5hh53a
color_laserjet_pro_4201-4203_5hh59a
color_laserjet_pro_mfp_4301-4303_5hh64f_firmware
color_laserjet_pro_mfp_4301-4303_5hh72a
color_laserjet_pro_4201-4203_4ra87f_firmware

CWE

CWE-862

Missing Authorization

9.8 /10