CVE-2018-5924

Home/CVE/A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affe

CVE

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affe

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

CRITICAL · CVSS 9.8 EPSS 0.17351

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 5% of all CVEs by exploitation likelihood
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-787Out-of-bounds Write

▤

Affected Products & Versions

hp t8x44 firmwareall versions
hp 3aw51a firmwareall versions
hp a9u28b firmwareall versions
hp d3a82a firmwareall versions
hp v1n08a firmwareall versions
hp y5h80a firmwareall versions
hp d4h24b firmwareall versions
hp f5s57a firmwareall versions
Show all 60 affected productshp k4t99b firmwareall versions
hp k4u04b firmwareall versions
hp t8x39 firmwareall versions
hp 1sh08 firmwareall versions
hp 3aw44a firmwareall versions
hp a9u19a firmwareall versions
hp d3a78b firmwareall versions
hp 4uj28b firmwareall versions
hp v1n01a firmwareall versions
hp y5h60a firmwareall versions
hp d4h22a firmwareall versions
hp j6u57b firmwareall versions
hp j9v82a firmwareall versions
hp j9v82b firmwareall versions
hp j9v82c firmwareall versions
hp j9v82d firmwareall versions
hp y3z57 firmwareall versions
hp w1b33 firmwareall versions
hp w1b39 firmwareall versions
hp w1b37 firmwareall versions
hp w1b38 firmwareall versions
hp j6u55a firmwareall versions
hp j6u55b firmwareall versions
hp j6u55c firmwareall versions
hp j6u55d firmwareall versions
hp y3z45 firmwareall versions
hp y3z47 firmwareall versions
hp j9v80a firmwareall versions
hp j9v80b firmwareall versions
hp d3q15a firmwareall versions
hp d3q15b firmwareall versions
hp d3q15d firmwareall versions
hp d3q17a firmwareall versions
hp d3q17c firmwareall versions
hp d3q17d firmwareall versions
hp y3z46 firmwareall versions
hp y3z44 firmwareall versions
hp d3q19a firmwareall versions
hp d3q19d firmwareall versions
hp d3q20a firmwareall versions
hp d3q20b firmwareall versions
hp d3q20c firmwareall versions
hp d3q20d firmwareall versions
hp d3q21a firmwareall versions
hp d3q21c firmwareall versions
hp d3q21d firmwareall versions
hp k9z76a firmwareall versions
hp k9z76d firmwareall versions
hp w1b31 firmwareall versions
hp y3z54 firmwareall versions
hp d3q16a firmwareall versions
hp d3q16b firmwareall versions

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.0 · hp-security-alert@hp.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD13 Aug 2018 · 03:29 PM

CVSS VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://www.securityfocus.com/bid/105010Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041415Third Party AdvisoryVDB Entry

https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/Third Party Advisory

https://support.hp.com/us-en/document/c06097712Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin