CVE-2019-6332

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

CVSS v3.0 4.8 MEDIUM
CVSS v2.0 3.5 LOW

4.8^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.hp.com/in-en/document/c06428029	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:deskjet_2600_4uj28b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2600_4uj28b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:deskjet_2600_v1n01a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2600_v1n01a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:deskjet_2600_v1n08a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2600_v1n08a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:deskjet_2600_y5h60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2600_y5h60a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:deskjet_2600_y5h80a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2600_y5h80a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_2600_v1n02a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_2600_v1n02a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_2600_v1n02b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_2600_v1n02b:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_2600_y5z00a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_2600_y5z00a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_2600_y5z04b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_2600_y5z04b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_5000_m2u86a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_5000_m2u86a:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_5000_m2u89b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_5000_m2u89b:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_5200_m2u76a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_5200_m2u76a_:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:deskjet_ink_advantage_5200_m2u78b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_ink_advantage_5200_m2u78b:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:envy_5000_m2u85a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:envy_5000_m2u85b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:envy_5000_m2u91a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:envy_5000_m2u94b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:envy_5000_z4a54a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:envy_5000_z4a74a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:envy_photo_6200_k7g18a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:hp:envy_photo_6200_k7g26b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:hp:envy_photo_6200_k7s21b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:hp:envy_photo_6200_y0k13d__firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:hp:envy_photo_6200_y0k15a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:hp:envy_photo_7100_3xd89a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:hp:envy_photo_7100_k7g93a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:hp:envy_photo_7100_k7g99a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:hp:envy_photo_7100_z3m37a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:hp:envy_photo_7100_z3m52a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:hp:envy_photo_7800_k7r96a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:hp:envy_photo_7800_k7s00a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:hp:envy_photo_7800_k7s10d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:hp:envy_photo_7800_y0g42d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:hp:envy_photo_7800_y0g52b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_z4b53a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_z4b53a:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_z4b55a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_z4b55a:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_z6z95a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_z6z95a:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_z6z99a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_z6z99a:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_4dx94a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_4dx94a:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_4dx95a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_4dx95a:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_4yf79a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_4yf79a:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:hp:ink_tank_wireless_410_z7a01a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:ink_tank_wireless_410_z7a01a:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:hp:officejet_5200_m2u75a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_m2u75a:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:hp:officejet_5200_m2u81a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_m2u81a:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:hp:officejet_5200_m2u84b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_m2u84b:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:hp:officejet_5200_z4b12a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_z4b12a:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:hp:officejet_5200_z4b14a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_z4b14a:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:hp:officejet_5200_z4b27a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_z4b27a:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:hp:officejet_5200_z4b29a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officejet_5200_z4b29a:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:hp:smart_tank_wireless_450_z4b56a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:smart_tank_wireless_450_z4b56a:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:hp:smart_tank_wireless_450_z6z96a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:smart_tank_wireless_450_z6z96a:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND

cpe:2.3:o:hp:smart_tank_wireless_450_z6z98a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:smart_tank_wireless_450_z6z98a:-:*:*:*:*:*:*:*

Information

Published : 2020-01-09 11:15

Updated : 2020-01-21 12:58

NVD link : CVE-2019-6332

Mitre link : CVE-2019-6332

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

deskjet_ink_advantage_2600_y5z04b
envy_5000_m2u91a_firmware
envy_5000_m2u91a
officejet_5200_z4b27a_firmware
officejet_5200_m2u75a_firmware
officejet_5200_z4b29a
envy_photo_7100_k7g99a
officejet_5200_m2u81a_firmware
deskjet_ink_advantage_2600_y5z04b_firmware
deskjet_ink_advantage_5200_m2u76a_firmware
deskjet_2600_v1n08a
deskjet_ink_advantage_2600_y5z00a_firmware
ink_tank_wireless_410_z6z95a
envy_photo_7100_3xd89a_firmware
smart_tank_wireless_450_z6z98a_firmware
envy_photo_7800_y0g42d
ink_tank_wireless_410_4dx95a
smart_tank_wireless_450_z6z96a_firmware
deskjet_2600_4uj28b
envy_photo_7800_y0g52b_firmware
envy_photo_7100_z3m52a_firmware
ink_tank_wireless_410_4dx94a_firmware
envy_5000_m2u85a
deskjet_ink_advantage_5200_m2u78b_firmware
deskjet_2600_y5h60a_firmware
officejet_5200_z4b27a
officejet_5200_z4b14a
envy_photo_7100_z3m37a
ink_tank_wireless_410_z7a01a_firmware
envy_photo_6200_k7s21b
deskjet_2600_v1n01a
envy_photo_7800_y0g52b
ink_tank_wireless_410_4yf79a
deskjet_ink_advantage_5200_m2u78b
ink_tank_wireless_410_4dx95a_firmware
deskjet_ink_advantage_5000_m2u89b_firmware
ink_tank_wireless_410_z7a01a
ink_tank_wireless_410_z6z99a
deskjet_ink_advantage_5000_m2u89b
smart_tank_wireless_450_z6z98a
envy_5000_z4a54a
deskjet_ink_advantage_5200_m2u76a_
ink_tank_wireless_410_z4b53a_firmware
deskjet_ink_advantage_2600_v1n02b_firmware
envy_photo_7800_k7r96a_firmware
envy_5000_m2u94b
deskjet_2600_v1n01a_firmware
officejet_5200_m2u81a
deskjet_2600_y5h80a
officejet_5200_m2u75a
envy_photo_6200_k7g18a_firmware
envy_photo_6200_k7g18a
envy_photo_6200_k7g26b
envy_photo_7800_k7s00a_firmware
ink_tank_wireless_410_z4b53a
envy_photo_6200_y0k13d__firmware
smart_tank_wireless_450_z4b56a_firmware
envy_photo_7800_y0g42d_firmware
envy_photo_7100_z3m37a_firmware
envy_photo_7100_k7g93a
deskjet_2600_4uj28b_firmware
envy_photo_7800_k7s10d_firmware
envy_5000_z4a74a
envy_photo_6200_k7s21b_firmware
smart_tank_wireless_450_z6z96a
envy_photo_7800_k7r96a
deskjet_2600_v1n08a_firmware
envy_photo_7800_k7s10d
ink_tank_wireless_410_z4b55a
envy_5000_z4a74a_firmware
envy_photo_6200_k7g26b_firmware
deskjet_ink_advantage_5000_m2u86a
deskjet_ink_advantage_2600_v1n02b
envy_5000_m2u85b
smart_tank_wireless_450_z4b56a
deskjet_ink_advantage_5000_m2u86a_firmware
envy_5000_m2u94b_firmware
envy_photo_7100_3xd89a
envy_photo_7100_k7g93a_firmware
deskjet_2600_y5h60a
ink_tank_wireless_410_4dx94a
envy_5000_m2u85b_firmware
envy_photo_6200_y0k13d_
ink_tank_wireless_410_4yf79a_firmware
officejet_5200_z4b12a
envy_photo_7100_k7g99a_firmware
deskjet_ink_advantage_2600_y5z00a
officejet_5200_m2u84b
envy_photo_7800_k7s00a
officejet_5200_z4b12a_firmware
ink_tank_wireless_410_z6z99a_firmware
ink_tank_wireless_410_z6z95a_firmware
deskjet_ink_advantage_2600_v1n02a
envy_photo_6200_y0k15a
officejet_5200_z4b14a_firmware
deskjet_2600_y5h80a_firmware
officejet_5200_m2u84b_firmware
envy_5000_m2u85a_firmware
envy_5000_z4a54a_firmware
envy_photo_7100_z3m52a
deskjet_ink_advantage_2600_v1n02a_firmware
ink_tank_wireless_410_z4b55a_firmware
officejet_5200_z4b29a_firmware
envy_photo_6200_y0k15a_firmware

4.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-6332

4.8^/10

3.5^/10

Attach tags to `CVE-2019-6332`