CVE-2023-27972

Name: CVE-2023-27972
Creator: NVD / NIST
Published: 2023-04-28T16:15:09.89+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.49%

Last modified Jun 25, 2026

CVE-2023-27972 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.49%

70.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Hp	Laserjet Pro M304-M305 W1a46a Firmware	< 002_2310a
Hp	Laserjet Pro M304-M305 W1a47a Firmware	< 002_2310a
Hp	Laserjet Pro M304-M305 W1a48a Firmware	< 002_2310a
Hp	Laserjet Pro M304-M305 W1a66a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 93m22a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a51a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a52a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a53a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a56a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a57a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a58a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a59a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a60a Firmware	< 002_2310a
Hp	Laserjet Pro M404-M405 W1a63a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y40a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y41a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y43a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y44a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y45a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y46a Firmware	< 002_2310a
Hp	Laserjet Pro M453-M454 W1y47a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a29a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a30a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a32a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a34a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a35a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 F W1a38a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 W1a28a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 W1a31a Firmware	< 002_2310a
Hp	Laserjet Pro Mfp M428-M429 W1a33a Firmware	< 002_2310a
Hp	W1a75a Firmware	< 002_2310a
Hp	W1a76a Firmware	< 002_2310a
Hp	W1a77a Firmware	< 002_2310a
Hp	W1a78a Firmware	< 002_2310a
Hp	W1a79a Firmware	< 002_2310a
Hp	W1a80a Firmware	< 002_2310a
Hp	W1a81a Firmware	< 002_2310a
Hp	W1a82a Firmware	< 002_2310a

References

https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840Vendor Advisory
https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840Vendor Advisory

Timeline

Published: Apr 28, 2023
Last Modified: Jun 25, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-27972?

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

How severe is CVE-2023-27972?

CVE-2023-27972 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.

How do I fix CVE-2023-27972?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-27972?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST