CVE-2023-35175
Published: 30 June 2023
Summary
CVE-2023-35175 is a critical-severity SSRF (CWE-918) vulnerability in Hp Laserjet Pro Mfp M478-M479 W1A75A Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 9.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Certain HP LaserJet Pro print products are affected by CVE-2023-35175, a server-side request forgery (SSRF) vulnerability in the Web Service Eventing model that can lead to remote code execution or elevation of privilege. The flaw is tracked under CWE-918 and carries a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction.
An unauthenticated remote attacker can supply crafted requests to the affected devices' eventing interfaces, causing the printer firmware to issue arbitrary server-side requests. Successful exploitation may allow the attacker to execute code or escalate privileges on the device.
HP has published security bulletin HPSBPI03851, which directs customers to the referenced support document for firmware updates and configuration guidance that address the issue.
The associated EPSS score has remained flat at 0.0521 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-39178
Vulnerability details
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.