7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Remote disclosure of information
A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as “Heartbleed” (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information.
HP has provided firmware updates that address this vulnerability. Please see the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.
Product Name
|
Model Number
|
Firmware Revision
—|—|—
Product Name
|
Model
|
Firmware Update Version
HP LaserJet Pro M435nw Multifunction Printer
|
A3E42A
|
v 20140411 (or higher)
HP LaserJet Pro 500 color MFP M570
|
CZ271A, CZ272A
|
v 20140411 (or higher)
HP LaserJet Pro M521 Multifunction Printer
|
A8P79A, A8P80A
|
v 20140411 (or higher)
HP Color LaserJet Pro MFP M476
|
CF387A, CF386A, CF385A
|
v 20140410 (or higher)
HP LaserJet Pro M701/M706 Printer
|
B6S00A, B6S01A, B6S02A
|
v 20140411 (or higher)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N