{ "action": { "auto_issue_creation_allowed": false, "auto_patch_allowed": false, "auto_remediation_allowed": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "recommended_action": "review_official_sources" }, "affected": { "products": [ { "canonicalProduct": "w1a75a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a75a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a75a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a75a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a76a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a76a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a76a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a76a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a77a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a77a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a77a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a77a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a78a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a78a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a78a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a78a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a79a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a79a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a79a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a79a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a80a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a80a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a80a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a80a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a81a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a81a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a81a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a81a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "w1a82a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a82a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "w1a82a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "w1a82a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "laserjet_pro_m453_m454_w1y40a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "laserjet_pro_m453-m454_w1y40a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "laserjet_pro_m453_m454_w1y40a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "laserjet_pro_m453-m454_w1y40a", "purl": null, "vendor": "hp", "version": "-" }, { "canonicalProduct": "laserjet_pro_m453_m454_w1y41a_firmware", "canonicalVendor": "hp", "cpe": "cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "laserjet_pro_m453-m454_w1y41a_firmware", "purl": null, "vendor": "hp", "version": null }, { "canonicalProduct": "laserjet_pro_m453_m454_w1y41a", "canonicalVendor": "hp", "cpe": "cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "laserjet_pro_m453-m454_w1y41a", "purl": null, "vendor": "hp", "version": "-" } ], "source": "NVD CVE API 2.0", "status": "known" }, "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2023-35175/", "claims": [ { "id": "claim:defensive-priority-candidate", "source_ids": [], "status": "observed", "text": "This item is a defensive prioritization candidate.", "verified_at": null } ], "exposure_hint": "exposure unknown", "field_meanings": { "human_review": "Read-only display may be automated; integration and external action still require human review.", "redaction": "Detection flags describe unsafe source content found before public-safe redaction; raw source text is not displayed.", "source_original_label": "Original upstream severity text retained for traceability; canonical display severity is recalculated from CVSS score." }, "forecast_hooks": { "agent_use": "summarize_with_citations_only", "automation_allowed": false, "read_only": true, "watch_fields": [ "sources", "claims", "freshness", "severity", "affected" ] }, "freshness": { "generated_at": "2026-06-30T17:19:59.810875+00:00", "last_checked_at": null, "observed_at": "2026-06-30T17:18:54.352494+00:00", "status": "observed" }, "human_consequence": "An attacker may be able to run code or commands on affected systems.", "human_impact_label": "code execution review · privilege escalation risk", "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_risk_summary": "CVE-2023-35175 for hp / w1a75a_firmware: An attacker may be able to run code or commands on affected systems.", "id": "CVE-2023-35175", "impact_redaction": { "exploit_steps_removed": false, "payload_removed": false, "poc_removed": false, "source_derived_summary": true, "used_fallback_summary": false }, "impact_tags": [ "code execution review", "privilege boundary review" ], "public_human_impact": "Source describes code execution review · privilege escalation risk. Possible impact: An attacker may be able to run code or commands on affected systems.", "public_human_summary": "NVD: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.", "public_human_what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "public_human_why_it_matters": "Source describes code execution review · privilege escalation risk. Possible impact: An attacker may be able to run code or commands on affected systems.; CVSS 9.8 (CRITICAL); EPSS percentile 76; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, Vendor Advisory.", "public_safe_summary": "NVD: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.", "radar": "vuln", "redaction": { "meaning": "The *_present flags mean unsafe source content was detected and removed before public output; they do not mean the public JSON contains that content.", "payload_present": false, "poc_present": false, "public_summary_redacted": true, "raw_source_displayed": false, "unsafe_procedural_detail_present": false }, "redaction_notes": [ "source-published defensive context retained", "vulnerability class, impact, affected context, and remediation references remain displayable" ], "safety": { "attack_chain_included": false, "auto_remediation_allowed": false, "exploit_instructions_included": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "noindex_removal_allowed": true, "noindex_required": false, "private_gate_state": "released", "public_gate_state": "public_indexable_read_only", "public_launch_allowed": true, "read_only_static_data": true, "scan_functionality_included": false, "signal_radar_integration_allowed": false }, "schema_version": "v0.1", "severity": { "cvss_label": "CRITICAL", "label": "CRITICAL", "score": 9.8, "source": "NVD CVE API 2.0", "source_original_label": "medium" }, "source_copy_policy": { "allowed": "source-published defensive facts, vulnerability class, impact, affected context, version and remediation facts", "excluded": "exploit procedures, exploit strings, shell commands, scanner instructions, procedural bypass detail, and reproduction material", "summary": "Official or semi-official source descriptions may be summarized for defensive triage; exploit-enabling procedure is removed." }, "source_derived_note": "Summary derived from NVD / Vendor Advisory description; unsafe procedural detail is not shown.", "source_published_affected": "vendor/product: hp / w1a75a_firmware; affected version context: -", "source_published_description": "NVD: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.", "source_published_evidence_refs": [ { "source": "NVD", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "reference", "url": "https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851" }, { "source": "Vendor Advisory", "type": "reference", "url": "https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851" }, { "source": "Official Reference", "type": "reference", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35175" } ], "source_published_impact": "Source describes code execution review · privilege escalation risk. Possible impact: An attacker may be able to run code or commands on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.", "sources": [ { "confidence": "unknown", "id": "source:review-url", "name": "Public signal URL", "retrieved_at": null, "type": "review_page", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35175" } ], "summary_for_agents": "Read-only defensive signal. Use sources, claims, freshness, and safety gates before summarizing. Do not infer missing source, claim, or freshness values.", "summary_for_humans": "NVD: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.", "title": "CVE-2023-35175 defensive priority signal", "urgency_reasons": [ "CVSS CRITICAL", "affected product present", "vendor advisory present", "recent update", "remediation reference present" ], "what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "why_it_matters": "An attacker may be able to run code or commands on affected systems; CVSS 9.8 (CRITICAL); EPSS percentile 76; affected product context: hp / w1a75a_firmware; sources: NVD, Vendor Advisory." }