#VU67639 Buffer overflow in HP Development Company products - CVE-2022-28722


Vulnerability identifier: #VU67639

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-28722

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Category (all products listed): Hardware solutions / Office equipment, IP-phones, print servers
HP OfficeJet 6950 All-in-One Printer series
HP OfficeJet 6960 All-in-One Printer series
HP OfficeJet 8022 All-in-One Printer
HP OfficeJet 8022e All-in-One Printer
HP OfficeJet Pro 6960 All-in-One Printer series
HP OfficeJet Pro 6970 All-in-One Printer series
HP OfficeJet Pro 7720 Wide Format All-in-One Printer series
HP OfficeJet Pro 7730 Wide Format All-in-One Printer
HP OfficeJet Pro 7740 Wide Format All-in-One Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Managed P75050dn
HP PageWide Managed P75050dw
HP PageWide Managed P77740dn Multifunction Printer
HP PageWide Managed P77740dw Multifunction Printer
HP PageWide Managed P77740z Multifunction Printer
HP PageWide Managed P77750z Multifunction Printer
HP PageWide Managed P77760z Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP PageWide Pro 750dn Printer
HP PageWide Pro 750dw Printer
HP PageWide Pro 772dn Multifunction Printer
HP PageWide Pro 772dw Multifunction Printer

Vendor: HP Development Company

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

HP OfficeJet 6950 All-in-One Printer series: before 001.2224A

HP OfficeJet 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet 8022 All-in-One Printer: before 001.2213A

HP OfficeJet 8022e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 6970 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series: before 003.2226A

HP OfficeJet Pro 7730 Wide Format All-in-One Printer: before 003.2226A

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series: before 002.2226A

HP OfficeJet Pro 8210 Printer series: before 001.2225B

HP OfficeJet Pro 8730 All-in-One Printer: before 001.2225B

HP OfficeJet Pro 8740 All-in-One Printer series: before 001.2225B

HP PageWide 352dw Printer: before 2228B

HP PageWide 377dw Multifunction Printer: before 2228B

HP PageWide Managed P55250dw Printer series: before 2228B

HP PageWide Managed P57750dw Multifunction Printer: before 2228B

HP PageWide Managed P75050dn: before 006.2225A

HP PageWide Managed P75050dw: before 006.2225A

HP PageWide Managed P77740dn Multifunction Printer: before 006.2225A

HP PageWide Managed P77740dw Multifunction Printer: before 006.2225A

HP PageWide Managed P77740z Multifunction Printer: before 006.2225A

HP PageWide Managed P77750z Multifunction Printer: before 006.2225A

HP PageWide Managed P77760z Multifunction Printer: before 006.2225A

HP PageWide Pro 452dn Printer series: before 2228B

HP PageWide Pro 452dw Printer series: before 2228B

HP PageWide Pro 477dn Multifunction Printer series: before 2228B

HP PageWide Pro 477dw Multifunction Printer series: before 2228B

HP PageWide Pro 552dw Printer series: before 2228B

HP PageWide Pro 577 Multifunction Printer series: before 2228B

HP PageWide Pro 750dn Printer: before 006.2225A

HP PageWide Pro 750dw Printer: before 006.2225A

HP PageWide Pro 772dn Multifunction Printer: before 006.2225A

HP PageWide Pro 772dw Multifunction Printer: before 006.2225A


External links
https://support.hp.com/us-en/document/ish_6839789-6839813-16/HPSBPI03810


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

