CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.3%
Hewlett Packard (HP) printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request.
HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the administrative account password in an SNMP variable that can be read by any remote user that knows the address of the printer and the location of the variable. The location of the variable is unchanging.
Attackers can obtain sensitive information and gain unauthorized access to the printer.
Apply a patch
Update to firmware version X.22.09 or later.
377003
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 15, 2002 Updated: August 06, 2002
Affected
Update to firmware version X.22.09 or later.
For more information please refer to:
HP Jetdirect Print Servers - Making HP Jetdirect Print Servers Secure on the Network
<http://www.hp.com/cposupport/networking/support_doc/bpj05999.html#P26_2431>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23377003 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.securityfocus.com/bid/5331>
Thanks to Phenoelit for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2002-1048 |
---|---|
Severity Metric: | 1.71 Date Public: |