Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.1
CVE Id: CVE-2009-0940
Last Modified: 13 Oct 2009 10:43:44
Published: 18 Mar 2009 05:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

Vulnerable Systems


References

VUPEN - ADV-2009-0754

BID - 34143

BUGTRAQ - 20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration

MISC - http://www.louhinetworks.fi/advisory/HP_20090317.txt

OSVDB - 52849

OSVDB - 52848

OSVDB - 52847

HP - HPSN-2009-001


Last Updated: 27 May 2016 10:50:25