Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
High
Attack Vector
Network
0

CVE-2019-6332

Disclosure Date: January 09, 2020
CVE-2019-6332 CVSS v3 Base Score: 4.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A – V1N08A, Y5H60A – Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A – V1N02B, Y5Z00A – Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A – M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A – M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A – M2U85B, M2U91A – M2U94B, Z4A54A – Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D – Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A – Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A – K7S10D, Y0G42D – Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A – Z4B55A, Z6Z95A – Z6Z99A, 4DX94A – 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A – Z4B14A, Z4B27A – Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A – Z6Z98A.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.8 Medium
Impact Score:
2.7
Exploitability Score:
1.7
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
HP DeskJet 2600 All-in-One Printer series 4UJ28B
HP DeskJet 2600 All-in-One Printer series V1N01A - V1N08A
HP DeskJet 2600 All-in-One Printer series Y5H60A - Y5H80A
HP DeskJet Ink Advantage 2600 All-in-One Printer series V1N02A - V1N02B
HP DeskJet Ink Advantage 2600 All-in-One Printer series Y5Z00A - Y5Z04B
HP DeskJet Ink Advantage 5000 All-in-One Printer series M2U86A - M2U89B
HP DeskJet Ink Advantage 5200 All-in-One Printer series M2U76A - M2U78B
HP ENVY 5000 All-in-One Printer series M2U85A - M2U85B
HP ENVY 5000 All-in-One Printer series M2U91A - M2U94B
HP ENVY 5000 All-in-One Printer series Z4A54A - Z4A74A
HP ENVY Photo 6200 All-in-One Printer series K7G18A-K7G26B
HP ENVY Photo 6200 All-in-One Printer series K7S21B
HP ENVY Photo 6200 All-in-One Printer series Y0K13D - Y0K15A
HP ENVY Photo 7100 All-in-One Printer series 3XD89A
HP ENVY Photo 7100 All-in-One Printer series K7G93A-K7G99A
HP ENVY Photo 7100 All-in-One Printer series Z3M37A - Z3M52A
HP ENVY Photo 7800 All-in-One Printer series K7R96A
HP ENVY Photo 7800 All-in-One Printer series K7S00A - K7S10D
HP ENVY Photo 7800 All-in-One Printer series Y0G42D - Y0G52B
HP Ink Tank Wireless 410 series Z4B53A - Z4B55A
HP Ink Tank Wireless 410 series Z6Z95A - Z6Z99A
HP Ink Tank Wireless 410 series 4DX94A - 4DX95A
HP Ink Tank Wireless 410 series 4YF79A
HP Ink Tank Wireless 410 series Z7A01A
HP OfficeJet 5200 All-in-One Printer series M2U75A
HP OfficeJet 5200 All-in-One Printer series M2U81A-M2U84B
HP OfficeJet 5200 All-in-One Printer series Z4B12A - Z4B14A
HP OfficeJet 5200 All-in-One Printer series Z4B27A - Z4B29A
HP Smart Tank Wireless 450 series Z4B56A
HP Smart Tank Wireless 450 series Z6Z96A - Z6Z98A
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis