LiveActive security incident?Get immediate response
CVE Record

CVE-2021-3821: A potential security vulnerability has been identified for certain HP multifunction printers (MFPs).

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

CriticalCVSS 9.8Not KEV-listedUpdated
Glexia's TakeAutomated analysiscritical

Security readout for executives and security teams

Plain-English summary

Certain HP multifunction printers running HP Workpath solutions may be vulnerable to a denial-of-service condition. The CVSS score is critical, but the supplied description is sparse and does not confirm real-world exploitation. Organizations should identify exposed HP MFPs, confirm affected models through HP’s bulletin, and follow HP’s published guidance.

Executive priority

Prioritize this as a near-term infrastructure hygiene issue for printer fleets. Critical scoring warrants attention, but urgency should be driven by whether affected HP MFPs run Workpath and are reachable from untrusted or broad internal networks.

Technical view

CVE-2021-3821 affects certain HP MFPs using HP FutureSmart/Workpath solutions. The source description maps to CWE-400 and indicates potential denial of service. The provided CVSS vector is network-accessible, low complexity, unauthenticated, and no user interaction, but the public bundle does not provide exploit mechanics or detailed affected version data.

Likely exposure

Exposure is most likely where HP multifunction printers run HP Workpath solutions, especially if printer management or service interfaces are reachable from broad internal networks. Exact affected models and versions require HP bulletin verification.

Exploitation context

The bundle does not show CISA KEV listing or cited evidence of active exploitation. Treat exploit status as unconfirmed. The CVSS vector suggests remote unauthenticated reachability, but the sources provided do not include exploit details.

Researcher notes

Public details in the supplied bundle are limited. Avoid assuming confidentiality or integrity impact beyond the CVSS vector. The most important research task is mapping HP bulletin data to deployed models, versions, Workpath usage, and reachable printer services.

Mitigation direction

  • Review HP Security Bulletin HPSBPI03747 for affected models, versions, and vendor remediation.
  • Follow HP-published remediation only after confirming each device model and FutureSmart version.
  • Inventory HP MFPs running Workpath solutions and prioritize externally or broadly reachable devices.
  • Limit printer exposure to trusted administrative and application networks where operationally feasible.

Validation and detection

  • Match deployed HP MFP models and FutureSmart versions against HP bulletin HPSBPI03747.
  • Confirm whether HP Workpath solutions are installed or enabled on each potentially affected MFP.
  • Verify remediation status using HP-supported firmware or configuration evidence.
  • Check network access paths to printer management and service interfaces.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-400: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-3821 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
9.8 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
9.8CVSS 3.1CriticalCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H3.95.9Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

9.8Critical
CVSS 3.1 vector shape for CVE-2021-3821Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
HP Inc.HP FutureSmartSee HP Security Bulletin reference for affected versions.Listed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-400 · source CWE mapping

Uncontrolled Resource Consumption

Uncontrolled Resource Consumption represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.