{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9419", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2024-10-01T19:23:25.063Z", "datePublished": "2024-10-30T17:25:43.444Z", "dateUpdated": "2024-10-30T18:25:11.685Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "HP Smart Universal Printing Driver", "vendor": "HP, Inc.", "versions": [{"status": "affected", "version": "See HP security bulletin reference for affected versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.</span>"}], "value": "Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2024-10-30T17:26:22.940Z"}, "references": [{"url": "https://support.hp.com/us-en/document/ish_11505949-11505972-16"}], "source": {"advisory": "HPSBPI03975", "discovery": "UNKNOWN"}, "title": "Certain HP Print Products\u2013Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "hp", "product": "smart_universal_printing_driver", "cpes": ["cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.07.1.3204", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T18:16:18.426856Z", "id": "CVE-2024-9419", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T18:25:11.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-30T18:16:18.426856Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*"], "vendor": "hp", "product": "smart_universal_printing_driver", "versions": [{"status": "affected", "version": "0", "lessThan": "4.07.1.3204", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T18:24:44.127Z"}}], "cna": {"title": "Certain HP Print Products\u2013Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver", "source": {"advisory": "HPSBPI03975", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HP, Inc.", "product": "HP Smart Universal Printing Driver", "versions": [{"status": "affected", "version": "See HP security bulletin reference for affected versions"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hp.com/us-en/document/ish_11505949-11505972-16"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2024-10-30T17:26:22.940Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9419", "state": "PUBLISHED", "dateUpdated": "2024-10-30T18:25:11.685Z", "dateReserved": "2024-10-01T19:23:25.063Z", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "datePublished": "2024-10-30T17:25:43.444Z", "assignerShortName": "hp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "67B0E9E3-F3CD-44CF-B115-A61FBE24D5B7", "versionEndExcluding": "4.07.1.3204", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC."}, {"lang": "es", "value": "Los equipos cliente/servidor con el controlador de impresi\u00f3n universal inteligente de HP instalado son potencialmente vulnerables a la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios. Un cliente que utilice el controlador de impresi\u00f3n universal inteligente de HP que env\u00ede un trabajo de impresi\u00f3n compuesto por un archivo XPS malicioso podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios en el equipo."}], "id": "CVE-2024-9419", "lastModified": "2026-01-26T18:00:18.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "hp-security-alert@hp.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-30T18:15:08.260", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_11505949-11505972-16"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "hp-security-alert@hp.com", "type": "Secondary"}]}

{}

{}