cbcvebase.
CVE-2017-2743
published 2018-01-23

CVE-2017-2743: HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide…

PriorityP424medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.27%
66.1th percentile
HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Affected

88 ranges· showing 25
VendorProductVersion rangeFixed in
hp2a68a_firmware< 2308214_0009112308214_000911
hp2a69a_firmware< 2308214_0009112308214_000911
hp2a70a_firmware< 2308214_0009112308214_000911
hp2a71a_firmware< 2308214_0009112308214_000911
hpa2w75a_firmware< 2308214_0009282308214_000928
hpa2w76a_firmware< 2308214_0009282308214_000928
hpa2w77a_firmware< 2308214_0009302308214_000930
hpa2w78a_firmware< 2308214_0009302308214_000930
hpa2w79a_firmware< 2308214_0009302308214_000930
hpb3g85a_firmware< 2308214_0009122308214_000912
hpb5l04a_firmware< 2308214_0009022308214_000902
hpb5l05a_firmware< 2308214_0009022308214_000902
hpb5l07a_firmware< 2308214_0009022308214_000902
hpb5l23a_firmware< 2308214_0009072308214_000907
hpb5l24a_firmware< 2308214_0009072308214_000907
hpb5l25a_firmware< 2308214_0009072308214_000907
hpb5l26a_firmware< 2308214_0009072308214_000907
hpb5l46a_firmware< 2308214_0009092308214_000909
hpb5l47a_firmware< 2308214_0009092308214_000909
hpb5l48a_firmware< 2308214_0009092308214_000909
hpc2s11a_firmware< 2308214_0009062308214_000906
hpc2s12a_firmware< 2308214_0009062308214_000906
hpcc419a_firmware< 2308214_0009012308214_000901
hpcc420a_firmware< 2308214_0009012308214_000901
hpcc421a_firmware< 2308214_0009012308214_000901

CVSS provenance

nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.