CERTFR-2022-AVI-268

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits HP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A HP PageWide Pro 477dw Multifunction Printer series versions antérieures à 2205D
N/A N/A HP PageWide Pro 552dw Printer series versions antérieures à 2205D
N/A N/A HP LaserJet Pro MFP M428, M429 F versions antérieures à 002_2208A
N/A N/A HP LaserJet Pro M404, M405 versions antérieures à 002_2208A
N/A N/A HP PageWide 377dw Multifunction Printer versions antérieures à 2205D
N/A N/A HP Color LaserJet Pro MFP M2XX
N/A N/A HP OfficeJet Pro 8210 Printer series versions antérieures à 001.2210B
N/A N/A HP PageWide Pro 452dn Printer series versions antérieures à 2205D
N/A N/A HP Color LaserJet Pro M453 - M454 versions antérieures à 002_2208A
N/A N/A HP PageWide 352dw Printer versions antérieures à 2205D
N/A N/A HP OfficeJet Pro 8216 Printer series versions antérieures à 001.2210B
N/A N/A HP PageWide Pro 577 Multifunction Printer series versions antérieures à 2205D
N/A N/A HP LaserJet Pro M304, M305 versions antérieures à 002_2208A
N/A N/A HP OfficeJet Pro 8730 All-in-One Printer versions antérieures à 001.2210B
N/A N/A HP LaserJet Pro MFP M428, M429 versions antérieures à 002_2208A
N/A N/A HP PageWide Pro 477dn Multifunction Printer series versions antérieures à 2205D
N/A N/A HP PageWide Managed P55250dw Printer series versions antérieures à 2205D
N/A N/A HP PageWide Managed P57750dw Multifunction Printer versions antérieures à 2205D
N/A N/A HP OfficeJet Pro 8740 All-in-One Printer series versions antérieures à 001.2210B
N/A N/A HP Color LaserJet Pro MFP M478, M479 versions antérieures à 002_2208A
N/A N/A HP PageWide Pro 452dw Printer series versions antérieures à 2205D
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP PageWide Pro 477dw Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 552dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro MFP M428, M429 F versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro M404, M405 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide 377dw Multifunction Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro MFP M2XX",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8210 Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 452dn Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro M453 - M454 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide 352dw Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8216 Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 577 Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro M304, M305 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8730 All-in-One Printer versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP LaserJet Pro MFP M428, M429 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 477dn Multifunction Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Managed P55250dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Managed P57750dw Multifunction Printer versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OfficeJet Pro 8740 All-in-One Printer series versions ant\u00e9rieures \u00e0 001.2210B",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Color LaserJet Pro MFP M478, M479 versions ant\u00e9rieures \u00e0 002_2208A",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP PageWide Pro 452dw Printer series versions ant\u00e9rieures \u00e0 2205D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24292"
    },
    {
      "name": "CVE-2022-24291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24291"
    },
    {
      "name": "CVE-2022-24293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24293"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-268",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP hpsbpi03781 du 21 mars 2022",
      "url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16/hpsbpi03781"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.