Cyber Resilience

CVE-2022-4894

High

Published: 16 August 2023

Published
16 August 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-4894 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Hp 2Zn49A Firmware. Its CVSS base score is 7.3 (High).

Operationally, ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hp
2zn49a firmware
all versions
hp
2zn50a firmware
all versions
hp
2ky38a firmware
all versions
hp
w7u01a firmware
all versions
hp
w7u02a firmware
all versions
hp
1vr14a firmware
all versions
hp
7uq76a firmware
all versions
hp
7ab26a firmware
all versions
hp
7zb25a firmware
all versions
hp
7zb72a firmware
all versions
+1013 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References