Account lockout bypass
Source: HP, HP Product Security Response Team (PSRT)
Reported by: Alexander Drabek, Logically Secure Limited
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
VULNERABILITY SUMMARY
Reference
|
Base vector
|
Base score
|
CVE-2019-18917
|
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
|
6.5
|
Product name
|
Model number
|
Firmware revision
|
HP ENVY 5000 All-in-One Printer series
|
M2U85A - M2U85B
M2U91A - M2U94B
Z4A54A - Z4A74A
|
003.2008A and later
|
HP DeskJet Ink Advantage 5000 All-in-One Printer series
|
M2U86A - M2U89B
|
003.2008A and later
|
PI
|
HP Printing and Imaging
|
HF
|
HP Hardware and Firmware
|
GN
|
HP General Software
|