CVE-2023-1329

Critical

Published: 14 June 2023

Modified: 31 December 2024
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0798 (92.3rd percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-1329 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in HP LaserJet Managed MFP E62665 3GY14A firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 7.7% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

Certain HP multifunction printers running HP Workpath solutions are affected by a buffer overflow vulnerability that can result in remote code execution. Tracked as CVE-2023-1329 with a CVSS v3.1 score of 9.8, the flaw is associated with CWE-120 and permits an attacker to supply crafted input that overflows a buffer during solution execution on the device.

An unauthenticated remote attacker can exploit the issue over the network with no user interaction required, achieving arbitrary code execution that fully compromises the confidentiality, integrity, and availability of the printer.

HP has published security bulletin HPSBPI03849 that identifies affected models and provides remediation guidance for customers running Workpath solutions on those products. The EPSS score has remained flat at 0.0798 since disclosure, indicating no material increase in observed exploitation interest.

Vulnerability details

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

CWE(s)

CWE-120 (Classic Buffer Overflow)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
hp | laserjet managed mfp e62665 3gy14a firmware | all versions
hp | laserjet managed mfp e62665 3gy15a firmware | all versions
hp | laserjet managed mfp e62665 3gy16a firmware | all versions
hp | laserjet managed mfp e62665 3gy17a firmware | all versions
hp | laserjet managed mfp e62665 3gy18a firmware | all versions
hp | color laserjet enterprise flow mfp 5800zf 49k96av firmware | all versions
hp | color laserjet enterprise flow mfp 5800zf 58r10a firmware | all versions
hp | color laserjet enterprise flow mfp 5800zf 6qn29a firmware | all versions
hp | color laserjet enterprise flow mfp 5800zf 6qn30a firmware | all versions
hp | color laserjet enterprise flow mfp 5800zf 6qn31a firmware | all versions
+947 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
