Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2244

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.9, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 55 products from hp, from hp, from hp and 52 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2016, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2016-03-04T15:59:01.500

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	hp	a2w75a	-	No
Hardware	hp	a2w76a	-	No
Hardware	hp	a2w77a	-	No
Hardware	hp	a2w78a	-	No
Hardware	hp	a2w79a	-	No
Hardware	hp	b3g85a	-	No
Hardware	hp	b5l04a	-	No
Hardware	hp	b5l05a	-	No
Hardware	hp	b5l07a	-	No
Hardware	hp	c2s11a	-	No
Hardware	hp	c2s12a	-	No
Hardware	hp	ca251a	-	No
Hardware	hp	cc522a	-	No
Hardware	hp	cc523a	-	No
Hardware	hp	cc524a	-	No
Hardware	hp	cd644a	-	No
Hardware	hp	cd645a	-	No
Hardware	hp	cd646a	-	No
Hardware	hp	ce989a	-	No
Hardware	hp	ce990a	-	No
Hardware	hp	ce991a	-	No
Hardware	hp	ce992a	-	No
Hardware	hp	ce993a	-	No
Hardware	hp	ce994a	-	No
Hardware	hp	ce995a	-	No
Hardware	hp	ce996a	-	No
Hardware	hp	cf066a	-	No
Hardware	hp	cf067a	-	No
Hardware	hp	cf068a	-	No
Hardware	hp	cf069a	-	No
Hardware	hp	cf081a	-	No
Hardware	hp	cf082a	-	No
Hardware	hp	cf083a	-	No
Hardware	hp	cf116a	-	No
Hardware	hp	cf117a	-	No
Hardware	hp	cf118a	-	No
Hardware	hp	cf235a	-	No
Hardware	hp	cf236a	-	No
Hardware	hp	cf238a	-	No
Hardware	hp	cf367a	-	No
Hardware	hp	cz244a	-	No
Hardware	hp	cz245a	-	No
Hardware	hp	cz249a	-	No
Hardware	hp	cz250a	-	No
Hardware	hp	cz255a	-	No
Hardware	hp	cz256a	-	No
Hardware	hp	cz257a	-	No
Hardware	hp	cz258a	-	No
Hardware	hp	d3l08a	-	No
Hardware	hp	d3l09a	-	No
Hardware	hp	d3l10a	-	No
Hardware	hp	d7p70a	-	No
Hardware	hp	d7p71a	-	No
Hardware	hp	j7x28a	-	No
Operating System	hp	futuresmart_firmware	≤ 3.7	Yes

References

http://www.securitytracker.com/id/1035191 ([email protected])
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353 Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1035191 (af854a3a-2127-422b-91ae-364da2661108)
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.