CVE-2023-1329
Published: 14 June 2023
Summary
CVE-2023-1329 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in HP LaserJet Managed MFP E62665 3GY14A Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 7.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
Certain HP multifunction printers running HP Workpath solutions are affected by a buffer overflow vulnerability that can result in remote code execution. Tracked as CVE-2023-1329 with a CVSS v3.1 score of 9.8, the flaw is associated with CWE-120 and permits an attacker to supply crafted input that overflows a buffer during solution execution on the device.
An unauthenticated remote attacker can exploit the issue over the network with no user interaction required, achieving arbitrary code execution that fully compromises the confidentiality, integrity, and availability of the printer.
HP has published security bulletin HPSBPI03849 that identifies affected models and provides remediation guidance for customers running Workpath solutions on those products. The EPSS score has remained flat at 0.0798 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-23587
Vulnerability details
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
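Where native code cannot be replaced, the equivalent control is to make every copy into a fixed buffer conditional on an explicit length check. The following C function is an added example written for this page, not HP's firmware or anything from the bulletin: it parses one length-prefixed string field from an untrusted request buffer (the 2-byte-length wire format, the 32-byte field capacity and the sample inputs are all constructed for illustration) and refuses the field whenever the declared length does not fit either the available input or the destination, which is precisely the check an unchecked memcpy/strcpy (the CWE-120 pattern) omits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed capacity of the destination field (assumption for this example). */
#define FIELD_MAX 32

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED_HEADER = 1,     /* fewer than 2 bytes: no length prefix present */
    PARSE_LENGTH_EXCEEDS_INPUT = 2, /* header claims more bytes than were received */
    PARSE_TOO_LONG_FOR_DEST = 3     /* data would not fit the fixed-size destination */
};

/* Constructed wire format: 2-byte big-endian length, then `length` bytes of data.
   On success `out` holds a NUL-terminated copy and *consumed reports bytes used. */
enum parse_status parse_field(const uint8_t *in, size_t in_len,
                              char out[FIELD_MAX], size_t *consumed)
{
    if (in_len < 2) {
        return PARSE_TRUNCATED_HEADER;
    }
    size_t declared = ((size_t)in[0] << 8) | in[1];

    /* Bound the declared length by what actually arrived, so a lying header
       cannot make the copy read past the end of the input buffer. */
    if (declared > in_len - 2) {
        return PARSE_LENGTH_EXCEEDS_INPUT;
    }
    /* Bound it by the destination as well, keeping one byte for the
       terminator. This is the check a classic unchecked copy lacks. */
    if (declared >= FIELD_MAX) {
        return PARSE_TOO_LONG_FOR_DEST;
    }
    memcpy(out, in + 2, declared);
    out[declared] = '\0';
    if (consumed != NULL) {
        *consumed = 2 + declared;
    }
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample requests: one well-formed, one with a lying header. */
    const uint8_t good[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t lying[] = {0x00, 0x40, 'a', 'b'};
    char field[FIELD_MAX];
    size_t used = 0;

    enum parse_status s = parse_field(good, sizeof good, field, &used);
    printf("good request: status=%d field=\"%s\" consumed=%zu\n", (int)s, field, used);

    s = parse_field(lying, sizeof lying, field, NULL);
    printf("lying header: status=%d (rejected, nothing copied)\n", (int)s);
    return 0;
}
```

Rejecting rather than silently truncating matters in a device that executes solution code: a truncated field can still drive later logic with attacker-chosen content, whereas a rejected request is logged and dropped.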