CVE-2024-2301 - Vulnerability Details

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00171.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hp	Cz172a Cz172a Firmware Cz173a Cz173a Firmware Cz174a Cz174a Firmware Cz175a Cz175a Firmware Cz176a Cz176a Firmware Cz177a Cz177a Firmware Cz178a Cz178a Firmware Cz181a Cz181a Firmware Cz182a Cz182a Firmware Cz183a Cz183a Firmware Cz184a Cz184a Firmware Cz185a Cz185a Firmware Cz186a Cz186a Firmware Cz187a Cz187a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:cz181a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz181a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:cz182a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz182a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:cz187a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz187a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:cz183a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz183a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:cz172a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz172a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:cz173a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz173a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:cz176a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz176a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:cz177a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz177a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:cz178a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz178a:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:cz174a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz174a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:cz175a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz175a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:cz184a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz184a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:cz185a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz185a:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:cz186a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz186a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940

History

Mon, 26 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp cz172a Hp cz172a Firmware Hp cz173a Hp cz173a Firmware Hp cz174a Hp cz174a Firmware Hp cz175a Hp cz175a Firmware Hp cz176a Hp cz176a Firmware Hp cz177a Hp cz177a Firmware Hp cz178a Hp cz178a Firmware Hp cz181a Hp cz181a Firmware Hp cz182a Hp cz182a Firmware Hp cz183a Hp cz183a Firmware Hp cz184a Hp cz184a Firmware Hp cz185a Hp cz185a Firmware Hp cz186a Hp cz186a Firmware Hp cz187a Hp cz187a Firmware
CPEs		cpe:2.3:h:hp:cz172a:-:::::::* cpe:2.3:h:hp:cz173a:-:::::::* cpe:2.3:h:hp:cz174a:-:::::::* cpe:2.3:h:hp:cz175a:-:::::::* cpe:2.3:h:hp:cz176a:-:::::::* cpe:2.3:h:hp:cz177a:-:::::::* cpe:2.3:h:hp:cz178a:-:::::::* cpe:2.3:h:hp:cz181a:-:::::::* cpe:2.3:h:hp:cz182a:-:::::::* cpe:2.3:h:hp:cz183a:-:::::::* cpe:2.3:h:hp:cz184a:-:::::::* cpe:2.3:h:hp:cz185a:-:::::::* cpe:2.3:h:hp:cz186a:-:::::::* cpe:2.3:h:hp:cz187a:-:::::::* cpe:2.3:o:hp:cz172a_firmware:::::::: cpe:2.3:o:hp:cz173a_firmware:::::::: cpe:2.3:o:hp:cz174a_firmware:::::::: cpe:2.3:o:hp:cz175a_firmware:::::::: cpe:2.3:o:hp:cz176a_firmware:::::::: cpe:2.3:o:hp:cz177a_firmware:::::::: cpe:2.3:o:hp:cz178a_firmware:::::::: cpe:2.3:o:hp:cz181a_firmware:::::::: cpe:2.3:o:hp:cz182a_firmware:::::::: cpe:2.3:o:hp:cz183a_firmware:::::::: cpe:2.3:o:hp:cz184a_firmware:::::::: cpe:2.3:o:hp:cz185a_firmware:::::::: cpe:2.3:o:hp:cz186a_firmware:::::::: cpe:2.3:o:hp:cz187a_firmware::::::::
Vendors & Products		Hp Hp cz172a Hp cz172a Firmware Hp cz173a Hp cz173a Firmware Hp cz174a Hp cz174a Firmware Hp cz175a Hp cz175a Firmware Hp cz176a Hp cz176a Firmware Hp cz177a Hp cz177a Firmware Hp cz178a Hp cz178a Firmware Hp cz181a Hp cz181a Firmware Hp cz182a Hp cz182a Firmware Hp cz183a Hp cz183a Firmware Hp cz184a Hp cz184a Firmware Hp cz185a Hp cz185a Firmware Hp cz186a Hp cz186a Firmware Hp cz187a Hp cz187a Firmware

Fri, 14 Mar 2025 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-05-23T16:53:24.873Z

Updated: 2025-03-14T00:42:36.618Z

Reserved: 2024-03-07T19:37:08.839Z

Link: CVE-2024-2301

Vulnrichment

Updated: 2024-08-01T19:11:53.453Z

NVD

Status : Analyzed

Published: 2024-05-23T17:15:28.810

Modified: 2026-01-26T14:02:48.033

Link: CVE-2024-2301

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object