Skip to main content

W1A75A Firmware CVE-2023-35175

CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2023-06-30 hp-security-alert@hp.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 30, 2023 - 16:15 nvd
CRITICAL 9.8

DescriptionNVD

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.

AnalysisAI

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. Affected products include: Hp W1A75A Firmware, Hp W1A76A Firmware, Hp W1A77A Firmware, Hp W1A78A Firmware, Hp W1A79A Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2022-24293 CRITICAL
9.8 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2022-24292 CRITICAL
9.8 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2023-27973 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated c

CVE-2023-27972 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated

CVE-2023-27971 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rate

CVE-2022-28721 CRITICAL
9.8 Sep 26

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this

CVE-2023-35176 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using

CVE-2023-35178 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to sc

CVE-2023-35177 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compac

CVE-2022-24291 HIGH
7.5 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2024-5143 MEDIUM
6.8 May 23

A user with device administrative privileges can change existing SMTP server settings on the device, without having to r

CVE-2025-12785 MEDIUM
6.9 Nov 13

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering

Share

CVE-2023-35175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy