CVE-2020-28419

Name: CVE-2020-28419
Creator: NVD / NIST
Published: 2021-11-09T19:15:07.753+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 2.24%

Last modified Jun 17, 2026

CVE-2020-28419 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. During installation with certain driver software or application packages an arbitrary code execution could occur.. EPSS estimates a 2.24% chance of exploitation in the next 30 days.

Description

During installation with certain driver software or application packages an arbitrary code execution could occur.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

2.24%

80.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	Color Laserjet Cm4540 Mfp Firmware	< 61.111.01.9108
Hp	Color Laserjet Enterprise Flow Mfp M880z Firmware	< 11.0.19232.882
Hp	Color Laserjet Managed Flow Mfp M880zm Firmware	< 11.0.19232.882
Hp	Color Laserjet Enterprise M455 Firmware	< 52.1.4899
Hp	Color Laserjet Enterprise M552 Firmware	< 14.0.19241.351
Hp	Color Laserjet Enterprise M553 Firmware	< 14.0.19232.485
Hp	Color Laserjet Managed M553 Firmware	< 14.0.19232.485
Hp	Color Laserjet Enterprise M651 Firmware	< 10.0.16007.5
Hp	Color Laserjet Managed M651 Firmware	< 10.0.16007.5
Hp	Color Laserjet Enterprise M750 Firmware	< 9.0.15316.203
Hp	Color Laserjet Enterprise M855 Firmware	< 11.0.16058.821
Hp	Color Laserjet Enterprise M856 Firmware	< 50.1.4584
Hp	Color Laserjet Managed E85055 Firmware	< 50.1.4584
Hp	Color Laserjet Enterprise Mfp M480	< 52.1.4899
Hp	Color Laserjet Enterprise Mfp M577 Firmware	< 16.0.19235.653
Hp	Color Laserjet Enterprise Flow Mfp M577 Firmware	< 16.0.19233.658
Hp	Color Laserjet Enterprise Mfp M680 Firmware	< 10.0.15324.194
Hp	Color Laserjet Enterprise Flow Mfp M680 Firmware	< 10.0.15324.199
Hp	Color Laserjet Managed E45028 Firmware	< 52.1.4899
Hp	Color Laserjet Managed E75245 Firmware	< 49.1.4431
Hp	Color Laserjet Managed Mfp E67550 Firmware	< 43.2.2509
Hp	Color Laserjet Managed Mfp E67560 Firmware	< 43.2.2509
Hp	Color Laserjet Managed Flow Mfp E67550 Firmware	< 43.2.2509
Hp	Color Laserjet Managed Flow Mfp E67560 Firmware	< 43.2.2509
Hp	Color Laserjet Managed Mfp E67650 Firmware	< 49.1.4424
Hp	Color Laserjet Managed Mfp E77422	< 50.1.4533
Hp	Color Laserjet Managed Mfp E77428	< 50.1.4533
Hp	Color Laserjet Managed Mfp M680 Firmware	< 10.0.15324.194
Hp	Color Laserjet Managed Flow Mfp M680 Firmware	< 10.0.15324.199
Hp	Color Laserjet Pro M154 Firmware	< 44.7.2713
Hp	Color Laserjet Pro M155 Firmware	< 44.6.2710
Hp	Color Laserjet Pro M156 Firmware	< 44.6.2710
Hp	Color Laserjet Pro M252n Firmware	< 14.0.15311.432
Hp	Color Laserjet Pro M252dw Firmware	< 14.0.15311.432
Hp	Color Laserjet Pro M255 Firmware	< 44.6.2710
Hp	Color Laserjet Pro M452dw Firmware	< 16.0.19117.636
Hp	Color Laserjet Pro M452dn Firmware	< 16.0.19117.636
Hp	Color Laserjet Pro M452nw Firmware	< 16.0.19117.636
Hp	Color Laserjet Pro Mfp M176 Firmware	< 15.0.15322.1207
Hp	Color Laserjet Pro Mfp M176 Firmware	< 15.0.16260.1230
Hp	Color Laserjet Pro Mfp M177 Firmware	< 15.0.16260.1230
Hp	Color Laserjet Pro Mfp M180 Firmware	< 44.7.2713
Hp	Color Laserjet Pro Mfp M181 Firmware	< 44.7.2713
Hp	Color Laserjet Pro Mfp M182 Firmware	< 44.6.2710
Hp	Color Laserjet Pro Mfp M183 Firmware	All versions
Hp	Color Laserjet Pro Mfp M274n Firmware	< 14.0.15345.148
Hp	Color Laserjet Pro Mfp M277n Firmware	< 14.0.15345.533
Hp	Color Laserjet Pro Mfp M277dw Firmware	< 14.0.15345.533
Hp	Color Laserjet Pro Mfp M280 Firmware	< 44.7.2713
Hp	Color Laserjet Pro Mfp M281 Firmware	< 44.7.2713

Showing 50 of 218 affected configurations. See NVD for the full list.

References

https://support.hp.com/us-en/document/c07058567Vendor Advisory
https://support.hp.com/us-en/document/c07058567Vendor Advisory

Timeline

Published: Nov 9, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-28419?

During installation with certain driver software or application packages an arbitrary code execution could occur.

How severe is CVE-2020-28419?

CVE-2020-28419 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.24% probability of exploitation in the next 30 days.

How do I fix CVE-2020-28419?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-28419?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST