4.8
MEDIUM
CVE-2019-6332
"Hewlett Packard InkJet and OfficeJet Printers Cross-Site Scripting Vulnerability"
Description

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

INFO

Published Date: Jan. 9, 2020, 7:15 p.m.
Last Modified: Jan. 21, 2020, 8:58 p.m.
Remotely Exploitable: Yes!
Impact Score: 2.7
Exploitability Score: 1.7

Affected Products

The following products are affected by the CVE-2019-6332 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Hp deskjet_2600_y5h80a_firmware
2 Hp deskjet_2600_v1n08a_firmware
3 Hp deskjet_2600_y5h60a_firmware
4 Hp deskjet_2600_v1n01a_firmware
5 Hp deskjet_ink_advantage_2600_v1n02a_firmware
6 Hp deskjet_ink_advantage_2600_y5z00a_firmware
7 Hp deskjet_2600_4uj28b_firmware
8 Hp deskjet_ink_advantage_2600_v1n02b_firmware
9 Hp deskjet_ink_advantage_2600_y5z04b_firmware
10 Hp deskjet_ink_advantage_5000_m2u86a_firmware
11 Hp deskjet_ink_advantage_5000_m2u89b_firmware
12 Hp deskjet_ink_advantage_5200_m2u76a_firmware
13 Hp deskjet_ink_advantage_5200_m2u78b_firmware
14 Hp envy_5000_m2u85a_firmware
15 Hp envy_5000_m2u85b_firmware
16 Hp envy_5000_m2u91a_firmware
17 Hp envy_5000_m2u94b_firmware
18 Hp envy_5000_z4a54a_firmware
19 Hp envy_5000_z4a74a_firmware
20 Hp envy_photo_6200_k7g18a_firmware
21 Hp envy_photo_6200_k7g26b_firmware
22 Hp envy_photo_6200_k7s21b_firmware
23 Hp envy_photo_6200_y0k13d__firmware
24 Hp envy_photo_6200_y0k15a_firmware
25 Hp envy_photo_7100_3xd89a_firmware
26 Hp envy_photo_7100_k7g93a_firmware
27 Hp envy_photo_7100_k7g99a_firmware
28 Hp envy_photo_7100_z3m37a_firmware
29 Hp envy_photo_7100_z3m52a_firmware
30 Hp envy_photo_7800_k7r96a_firmware
31 Hp envy_photo_7800_k7s00a_firmware
32 Hp envy_photo_7800_k7s10d_firmware
33 Hp envy_photo_7800_y0g42d_firmware
34 Hp envy_photo_7800_y0g52b_firmware
35 Hp ink_tank_wireless_410_z4b53a_firmware
36 Hp ink_tank_wireless_410_z4b55a_firmware
37 Hp ink_tank_wireless_410_z6z95a_firmware
38 Hp ink_tank_wireless_410_z6z99a_firmware
39 Hp ink_tank_wireless_410_4dx94a_firmware
40 Hp ink_tank_wireless_410_4dx95a_firmware
41 Hp ink_tank_wireless_410_4yf79a_firmware
42 Hp ink_tank_wireless_410_z7a01a_firmware
43 Hp officejet_5200_m2u75a_firmware
44 Hp officejet_5200_m2u81a_firmware
45 Hp officejet_5200_m2u84b_firmware
46 Hp officejet_5200_z4b12a_firmware
47 Hp officejet_5200_z4b14a_firmware
48 Hp officejet_5200_z4b27a_firmware
49 Hp officejet_5200_z4b29a_firmware
50 Hp smart_tank_wireless_450_z4b56a_firmware
51 Hp smart_tank_wireless_450_z6z96a_firmware
52 Hp smart_tank_wireless_450_z6z98a_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-6332.

URL Resource
https://support.hp.com/in-en/document/c06428029 Vendor Advisory

The following table lists the changes that have been made to the CVE-2019-6332 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 21, 2020

    Action Type Old Value New Value
    Added CVSS V2 Metadata Victim must voluntarily interact with attack mechanism
    Added CVSS V2 NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    Changed Reference Type https://support.hp.com/in-en/document/c06428029 No Types Assigned https://support.hp.com/in-en/document/c06428029 Vendor Advisory
    Added CWE NIST CWE-79
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_2600_4uj28b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_2600_4uj28b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_2600_v1n01a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_2600_v1n01a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_2600_v1n08a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_2600_v1n08a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_2600_y5h60a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_2600_y5h60a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_2600_y5h80a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_2600_y5h80a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_2600_v1n02a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_ink_advantage_2600_v1n02a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_2600_v1n02b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_ink_advantage_2600_v1n02b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_2600_y5z00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1923 OR cpe:2.3:h:hp:deskjet_ink_advantage_2600_y5z00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_2600_y5z04b_firmware:*:*:*:*:*:*:*:* versions up to (including) 1923 OR cpe:2.3:h:hp:deskjet_ink_advantage_2600_y5z04b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_5000_m2u86a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:deskjet_ink_advantage_5000_m2u86a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_5000_m2u89b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:deskjet_ink_advantage_5000_m2u89b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_5200_m2u76a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:deskjet_ink_advantage_5200_m2u76a_:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:deskjet_ink_advantage_5200_m2u78b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:deskjet_ink_advantage_5200_m2u78b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_m2u85a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_m2u85b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_m2u91a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_m2u94b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_z4a54a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_5000_z4a74a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_6200_k7g18a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_6200_k7g26b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_6200_k7s21b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_6200_y0k13d__firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_6200_y0k15a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7100_3xd89a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7100_k7g93a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7100_k7g99a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7100_z3m37a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7100_z3m52a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7800_k7r96a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7800_k7s00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7800_k7s10d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7800_y0g42d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_photo_7800_y0g52b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_z4b53a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_z4b53a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_z4b55a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_z4b55a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_z6z95a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_z6z95a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_z6z99a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_z6z99a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_4dx94a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_4dx94a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_4dx95a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_4dx95a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_4yf79a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_4yf79a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:ink_tank_wireless_410_z7a01a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:ink_tank_wireless_410_z7a01a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_m2u75a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_m2u75a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_m2u81a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_m2u81a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_m2u84b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_m2u84b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_z4b12a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_z4b12a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_z4b14a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_z4b14a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_z4b27a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_z4b27a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:officejet_5200_z4b29a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 003.1925a OR cpe:2.3:h:hp:officejet_5200_z4b29a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:smart_tank_wireless_450_z4b56a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:smart_tank_wireless_450_z4b56a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:smart_tank_wireless_450_z6z96a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:smart_tank_wireless_450_z6z96a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:smart_tank_wireless_450_z6z98a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1924 OR cpe:2.3:h:hp:smart_tank_wireless_450_z6z98a:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-6332 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-6332 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.05 }} 0.00%

score

0.16528

percentile
