Advisory for HP Security Update

  • NIC-CERT/2022-12/510
  • Date: 2022-12-14
  • CVE ID: Multiple
  • Severity: High

Description:

A vulnerability has been found in HP product which could allow an attacker to take control of the affected system.

Security Issues Fixed:

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

CVE Id and Vector:

CVE ID

CVS 3.0

Vector

CVE-2022-46358

8.2

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2022-46357

7.5

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2022-46359

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2022-46356

7.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CVE-2020-15522

5.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Resolution:

Update your printer software.

HP has provided a software update to remediate the issue for potentially affected products listed in the table below. To obtain the updated software, go to theHP Security Managersite, and then clickDownload. Sign in with your HP account to access the download information form.

References:

https:/support.hp.com/us-en/security-bulletins