CVE-2022-28721

Name: CVE-2022-28721
Creator: NVD / NIST
Published: 2022-09-26T15:15:24.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.50%

Last modified Jun 17, 2026

CVE-2022-28721 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Certain HP Print Products are potentially vulnerable to Remote Code Execution.. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.50%

71.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	M2u86a Firmware	< 2211a
Hp	M2u86b Firmware	< 2211a
Hp	M2u86c Firmware	< 2211a
Hp	M2u87a Firmware	< 2211a
Hp	M2u87b Firmware	< 2211a
Hp	M2u88b Firmware	< 2211a
Hp	M2u89b Firmware	< 2211a
Hp	M2u76a Firmware	< 2211c
Hp	M2u77a Firmware	< 2211c
Hp	5se522a Firmware	< 001.2214a
Hp	5sd78a Firmware	< 001.2214a
Hp	5sd79a Firmware	< 001.2214a
Hp	M2u85b Firmware	< 2211c
Hp	Z4a59a Firmware	< 2211c
Hp	Z4a71a Firmware	< 2211c
Hp	M2u91b Firmware	< 2211c
Hp	Z4a69a Firmware	< 2211c
Hp	M2u92b Firmware	< 2211c
Hp	Z4a70a Firmware	< 2211c
Hp	M2u94b Firmware	< 2211c
Hp	Z4a73a Firmware	< 2211c
Hp	Z4a74a Firmware	< 2211c
Hp	M2u91a Firmware	< 2211c
Hp	M2u92a Firmware	< 2211c
Hp	M2u85a Firmware	< 2211c
Hp	M2u94a Firmware	< 2211c
Hp	Z4a54a Firmware	< 2211c
Hp	Z4a60a Firmware	< 2211c
Hp	Z4a61a Firmware	< 2211c
Hp	Z4a61b Firmware	< 2211c
Hp	5se17a Firmware	< 001.2214b
Hp	6wd35a Firmware	< 001.2214b
Hp	7cz37a Firmware	< 001.2214b
Hp	5se18a Firmware	< 001.2214b
Hp	5se16a Firmware	< 001.2214b
Hp	5se19a Firmware	< 001.2214b
Hp	5se20a Firmware	< 001.2214b
Hp	8qq97a Firmware	< 001.2214b
Hp	8qq98a Firmware	< 001.2214b
Hp	8qq99a Firmware	< 001.2214b
Hp	223n6a Firmware	< 001.2216a
Hp	2k4v8a Firmware	< 001.2216a
Hp	2k4w1a Firmware	< 001.2216a
Hp	2k4w2a Firmware	< 001.2216a
Hp	223n2a Firmware	< 001.2216a
Hp	223n1a Firmware	< 001.2216a
Hp	223n5a Firmware	< 001.2216a
Hp	223n9a Firmware	< 001.2216a
Hp	223r6a Firmware	< 001.2216a
Hp	2k5l5a Firmware	< 001.2216a

Showing 50 of 300 affected configurations. See NVD for the full list.

References

https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810Vendor Advisory
https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810Vendor Advisory

Timeline

Published: Sep 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-28721?

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

How severe is CVE-2022-28721?

CVE-2022-28721 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2022-28721?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-28721?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST