1. Home
  2. Vulnerabilities
  3. CVE-2023-4063
5.3
MEDIUM CVSS 3.1
CVE-2023-4063
HP OfficeJet Pro Printer Denial of Service Vulnerability
Description

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

INFO

Published Date :

March 22, 2024, 6:15 p.m.

Last Modified :

Feb. 20, 2026, 9:16 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2023-4063 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Hp 1kr46a_firmware
2 Hp 3uk83a_firmware
3 Hp 1kr49a_firmware
4 Hp 1kr42a_firmware
5 Hp 1kr45a_firmware
6 Hp 3uk84a_firmware
7 Hp 1kr48a_firmware
8 Hp 1kr54a_firmware
9 Hp 1kr55a_firmware
10 Hp 1mr78a_firmware
11 Hp 1mr66a_firmware
12 Hp 1mr67a_firmware
13 Hp 1mr69a_firmware
14 Hp 1mr70a_firmware
15 Hp 1mr71a_firmware
16 Hp 1mr72a_firmware
17 Hp 1mr73a_firmware
18 Hp 1mr74a_firmware
19 Hp 1mr75a_firmware
20 Hp 1mr76a_firmware
21 Hp 1mr77a_firmware
22 Hp 1mr68a_firmware
23 Hp 1mr79a_firmware
24 Hp 1kr46a
25 Hp 3uk83a
26 Hp 1kr49a
27 Hp 1kr42a
28 Hp 1kr45a
29 Hp 3uk84a
30 Hp 1kr48a
31 Hp 1kr54a
32 Hp 1kr55a
33 Hp 1mr78a
34 Hp 1mr66a
35 Hp 1mr67a
36 Hp 1mr69a
37 Hp 1mr70a
38 Hp 1mr71a
39 Hp 1mr72a
40 Hp 1mr73a
41 Hp 1mr74a
42 Hp 1mr75a
43 Hp 1mr76a
44 Hp 1mr77a
45 Hp 1mr68a
46 Hp 1mr79a
47 Hp 1kr55b_firmware
48 Hp 1kr55b
49 Hp 1kr55d_firmware
50 Hp 1kr55d
51 Hp 1mr69c_firmware
52 Hp 1mr69c
53 Hp 1mr73d_firmware
54 Hp 1mr73d
55 Hp 1mr78b_firmware
56 Hp 1mr78b
57 Hp 1mr80d_firmware
58 Hp 1mr80d
59 Hp 3uk83b_firmware
60 Hp 3uk83b
61 Hp 3uk85d_firmware
62 Hp 3uk85d
63 Hp 3uk86b_firmware
64 Hp 3uk86b
65 Hp 3uk90d_firmware
66 Hp 3uk90d
67 Hp 3uk91b_firmware
68 Hp 3uk91b
69 Hp 3uk93d_firmware
70 Hp 3uk93d
71 Hp 3uk96d_firmware
72 Hp 3uk96d
73 Hp 3uk97d_firmware
74 Hp 3uk97d
75 Hp 3uk98d_firmware
76 Hp 3uk98d
77 Hp 3uk99d_firmware
78 Hp 3uk99d
79 Hp 3ul00d_firmware
80 Hp 3ul00d
81 Hp 3ul05b_firmware
82 Hp 3ul05b
83 Hp y8m28d_firmware
84 Hp y8m28d
: Total Affected Vendor : 1 | Products : 84
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 134c704f-9b21-4f2e-91b3-4a467353bcc0
Public PoC/Exploit Available at Github

CVE-2023-4063 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-4063.

URL Resource
https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 Vendor Advisory
https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-4063 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-4063 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
NaInSec/CVE-LIST

Ini adalah repository kumpulan CVE v.5

allcve cve cvelist newcve

Updated: 1 year, 6 months ago
2 stars 0 fork 0 watcher
Born at : March 24, 2024, 3:01 p.m. This repo has been linked 1214 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-4063 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-4063 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 20, 2026

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr42a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr42a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr45a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr45a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr46a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr46a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr48a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr48a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr49a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr49a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr54a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr54a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr55a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr55a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr55b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr55b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1kr55d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1kr55d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr66a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr66a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr67a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr67a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr68a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr68a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr69a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr69a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr69c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr69c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr70a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr70a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr71a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr71a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr72a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr72a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr73a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr73a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr73d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr73d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr74a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr74a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr75a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr75a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr76a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr76a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr77a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr77a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr78a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr78a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr78b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr78b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr79a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr79a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:1mr80d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:1mr80d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk83a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk83a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk83b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk83b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk84a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk84a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk85d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk85d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk86b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk86b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk90d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk90d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk91b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk91b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk93d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk93d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk96d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk96d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk97d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk97d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk98d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk98d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3uk99d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3uk99d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3ul00d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3ul00d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:3ul05b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:3ul05b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:y8m28d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 002.2349a OR cpe:2.3:h:hp:y8m28d:-:*:*:*:*:*:*:*
    Added Reference Type HP Inc.: https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 Types: Vendor Advisory
    Added Reference Type CVE: https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 Types: Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Mar. 28, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    Added CWE CWE-400
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by [email protected]

    Mar. 22, 2024

    Action Type Old Value New Value
    Added Description Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.
    Added Reference HP Inc. https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.3
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact