Vulnerability Details CVE-2009-0940
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v2 Score 5.1
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
- http://osvdb.org/52847
- http://osvdb.org/52848
- http://osvdb.org/52849
- http://www.louhinetworks.fi/advisory/HP_20090317.txt
- http://www.securityfocus.com/archive/1/501884/100/0/threaded
- http://www.securityfocus.com/bid/34143
- http://www.vupen.com/english/advisories/2009/0754
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
- http://osvdb.org/52847
- http://osvdb.org/52848
- http://osvdb.org/52849
- http://www.louhinetworks.fi/advisory/HP_20090317.txt
- http://www.securityfocus.com/archive/1/501884/100/0/threaded
- http://www.securityfocus.com/bid/34143
- http://www.vupen.com/english/advisories/2009/0754
Products affected by CVE-2009-0940
-
cpe:2.3:h:hp:8100c_digital_sender:-
-
cpe:2.3:h:hp:9100c_digital_sender:-
-
cpe:2.3:h:hp:9200c_digital_sender:-
-
cpe:2.3:h:hp:9250c_digital_sender:-
-
cpe:2.3:h:hp:color_laserjet:*
-
cpe:2.3:h:hp:color_laserjet_1500:-
-
cpe:2.3:h:hp:color_laserjet_2500:-
-
cpe:2.3:h:hp:color_laserjet_2500l:-
-
cpe:2.3:h:hp:color_laserjet_2500lse:-
-
cpe:2.3:h:hp:color_laserjet_2500n:-
-
cpe:2.3:h:hp:color_laserjet_2500tn:-
-
cpe:2.3:h:hp:color_laserjet_2605dtn:*
-
cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2
-
cpe:2.3:h:hp:color_laserjet_4600:-
-
cpe:2.3:h:hp:color_laserjet_4600dn:*
-
cpe:2.3:h:hp:color_laserjet_4600dtn:*
-
cpe:2.3:h:hp:color_laserjet_4600hdn:*
-
cpe:2.3:h:hp:color_laserjet_4650:-
-
cpe:2.3:h:hp:color_laserjet_4700:-
-
cpe:2.3:h:hp:color_laserjet_4700:q7492a
-
cpe:2.3:h:hp:color_laserjet_4730_mfp:-
-
cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a
-
cpe:2.3:h:hp:color_laserjet_5500:*
-
cpe:2.3:h:hp:color_laserjet_5550:-
-
cpe:2.3:h:hp:color_laserjet_5550:q3714a
-
cpe:2.3:h:hp:color_laserjet_8500:-
-
cpe:2.3:h:hp:color_laserjet_8550:-
-
cpe:2.3:h:hp:color_laserjet_9500:-
-
cpe:2.3:h:hp:color_laserjet_9500_mfp:-
-
cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a
-
cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2
-
cpe:2.3:h:hp:color_mfp_cm8050:-
-
cpe:2.3:h:hp:color_mfp_cm8060:-
-
cpe:2.3:h:hp:digital_senders:*
-
cpe:2.3:h:hp:edgeline_printers:*
-
cpe:2.3:h:hp:laserjet_1000:*
-
cpe:2.3:h:hp:laserjet_1005:*
-
cpe:2.3:h:hp:laserjet_1010:*
-
cpe:2.3:h:hp:laserjet_1012:*
-
cpe:2.3:h:hp:laserjet_1015:*
-
cpe:2.3:h:hp:laserjet_1018:*
-
cpe:2.3:h:hp:laserjet_1018s:*
-
cpe:2.3:h:hp:laserjet_1020:*
-
cpe:2.3:h:hp:laserjet_1020_plus:*
-
cpe:2.3:h:hp:laserjet_1022:*
-
cpe:2.3:h:hp:laserjet_1022n:*
-
cpe:2.3:h:hp:laserjet_1022nw:*
-
cpe:2.3:h:hp:laserjet_1100:*
-
cpe:2.3:h:hp:laserjet_1150:*
-
cpe:2.3:h:hp:laserjet_1160:*
-
cpe:2.3:h:hp:laserjet_1200:*
-
cpe:2.3:h:hp:laserjet_1300:*
-
cpe:2.3:h:hp:laserjet_1320:*
-
cpe:2.3:h:hp:laserjet_2000:*
-
cpe:2.3:h:hp:laserjet_2100:*
-
cpe:2.3:h:hp:laserjet_2200:-
-
cpe:2.3:h:hp:laserjet_2200dtn:-
-
cpe:2.3:h:hp:laserjet_2300:*
-
cpe:2.3:h:hp:laserjet_2300dn:-
-
cpe:2.3:h:hp:laserjet_2400:*
-
cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3
-
cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3
-
cpe:2.3:h:hp:laserjet_2430:-
-
cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3
-
cpe:2.3:h:hp:laserjet_2500:-
-
cpe:2.3:h:hp:laserjet_2500c:-
-
cpe:2.3:h:hp:laserjet_2600c:-
-
cpe:2.3:h:hp:laserjet_2600n:-
-
cpe:2.3:h:hp:laserjet_2:*
-
cpe:2.3:h:hp:laserjet_3000:-
-
cpe:2.3:h:hp:laserjet_3700:-
-
cpe:2.3:h:hp:laserjet_4/4m:*
-
cpe:2.3:h:hp:laserjet_4000:-
-
cpe:2.3:h:hp:laserjet_4000n:-
-
cpe:2.3:h:hp:laserjet_4050:-
-
cpe:2.3:h:hp:laserjet_4100:-
-
cpe:2.3:h:hp:laserjet_4100_mfp:-
-
cpe:2.3:h:hp:laserjet_4100mfp:-
-
cpe:2.3:h:hp:laserjet_4200:-
-
cpe:2.3:h:hp:laserjet_4200dtn:*
-
cpe:2.3:h:hp:laserjet_4200ln:-
-
cpe:2.3:h:hp:laserjet_4240:q7785a
-
cpe:2.3:h:hp:laserjet_4240n:*
-
cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0
-
cpe:2.3:h:hp:laserjet_4250:q5400a
-
cpe:2.3:h:hp:laserjet_4300:-
-
cpe:2.3:h:hp:laserjet_4345_mfp:-
-
cpe:2.3:h:hp:laserjet_4345_mfp:q3942a
-
cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1
-
cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0
-
cpe:2.3:h:hp:laserjet_4350:q5407a
-
cpe:2.3:h:hp:laserjet_4350dtn:-
-
cpe:2.3:h:hp:laserjet_4650dn:-
-
cpe:2.3:h:hp:laserjet_4:-
-
cpe:2.3:h:hp:laserjet_4_plus/m_plus:*
-
cpe:2.3:h:hp:laserjet_4l/ml:*
-
cpe:2.3:h:hp:laserjet_4m_plus:-
-
cpe:2.3:h:hp:laserjet_4p/mp:*
-
cpe:2.3:h:hp:laserjet_4si:*
-
cpe:2.3:h:hp:laserjet_4v/mv:*
-
cpe:2.3:h:hp:laserjet_5/m/n:*
-
cpe:2.3:h:hp:laserjet_5000:-
-
cpe:2.3:h:hp:laserjet_5000:r.25.15
-
cpe:2.3:h:hp:laserjet_5000:r.25.47
-
cpe:2.3:h:hp:laserjet_500_plus:*
-
cpe:2.3:h:hp:laserjet_5100:-
-
cpe:2.3:h:hp:laserjet_5100:v.29.12
-
cpe:2.3:h:hp:laserjet_5100dtn:-
-
cpe:2.3:h:hp:laserjet_5200:*
-
cpe:2.3:h:hp:laserjet_5:-
-
cpe:2.3:h:hp:laserjet_5l:*
-
cpe:2.3:h:hp:laserjet_5m:-
-
cpe:2.3:h:hp:laserjet_5p/mp:*
-
cpe:2.3:h:hp:laserjet_5si:*
-
cpe:2.3:h:hp:laserjet_8000:*
-
cpe:2.3:h:hp:laserjet_8100:*
-
cpe:2.3:h:hp:laserjet_8150:-
-
cpe:2.3:h:hp:laserjet_8150dn:-
-
cpe:2.3:h:hp:laserjet_9000:-
-
cpe:2.3:h:hp:laserjet_9000_mfp:-
-
cpe:2.3:h:hp:laserjet_9000mfp:-
-
cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0
-
cpe:2.3:h:hp:laserjet_9040:q7697a
-
cpe:2.3:h:hp:laserjet_9040mfp:-
-
cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0
-
cpe:2.3:h:hp:laserjet_9050:-
-
cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0
-
cpe:2.3:h:hp:laserjet_9050:q7697a
-
cpe:2.3:h:hp:laserjet_9050_mfp:-
-
cpe:2.3:h:hp:laserjet_9050_mfp:q3721a
-
cpe:2.3:h:hp:laserjet_9050mfp:-
-
cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0
-
cpe:2.3:h:hp:laserjet_9055:-
-
cpe:2.3:h:hp:laserjet_9065:-
-
cpe:2.3:h:hp:laserjet_9500:-
-
cpe:2.3:h:hp:laserjet_9500mfp:-
-
cpe:2.3:h:hp:laserjet_ii:*
-
cpe:2.3:h:hp:laserjet_iid:*
-
cpe:2.3:h:hp:laserjet_iii:*
-
cpe:2.3:h:hp:laserjet_iiid:*
-
cpe:2.3:h:hp:laserjet_iiip:*
-
cpe:2.3:h:hp:laserjet_iiisi:*
-
cpe:2.3:h:hp:laserjet_iip:*
-
cpe:2.3:h:hp:laserjet_iip_plus:*
-
cpe:2.3:h:hp:laserjet_m1522n_mfp:*
-
cpe:2.3:h:hp:laserjet_m3027_mfp:-
-
cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a
-
cpe:2.3:h:hp:laserjet_m3035_mfp:-
-
cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a
-
cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a
-
cpe:2.3:h:hp:laserjet_m4345_mfp:-
-
cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a
-
cpe:2.3:h:hp:laserjet_m5025_mfp:-
-
cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a
-
cpe:2.3:h:hp:laserjet_m5035_mfp:-
-
cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a
-
cpe:2.3:h:hp:laserjet_p1000:*
-
cpe:2.3:h:hp:laserjet_p1005:*
-
cpe:2.3:h:hp:laserjet_p1006:*
-
cpe:2.3:h:hp:laserjet_p1007:*
-
cpe:2.3:h:hp:laserjet_p1008:*
-
cpe:2.3:h:hp:laserjet_p1009:*
-
cpe:2.3:h:hp:laserjet_p1500:*
-
cpe:2.3:h:hp:laserjet_p1505:*
-
cpe:2.3:h:hp:laserjet_p1505n:*
-
cpe:2.3:h:hp:laserjet_p2000:*
-
cpe:2.3:h:hp:laserjet_p2010:*
-
cpe:2.3:h:hp:laserjet_p2015:*
-
cpe:2.3:h:hp:laserjet_p2030:*
-
cpe:2.3:h:hp:laserjet_p2050:*
-
cpe:2.3:h:hp:laserjet_p3000:*
-
cpe:2.3:h:hp:laserjet_p3005:q7812a
-
cpe:2.3:h:hp:laserjet_p4010:*
-
cpe:2.3:h:hp:laserjet_p4014:cb507a
-
cpe:2.3:h:hp:laserjet_p4015:cb509a
-
cpe:2.3:h:hp:laserjet_p4500:*
-
cpe:2.3:h:hp:laserjet_p4510:*