Lucene search
HistoryOct 03, 2018 - 8:29 p.m.
CVE-2018-5921
security
vulnerability
hp
printers
mfps
cross site request forgery
cve-2018-5921
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.7%
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.
Affected configurations
Node
hpf2a70a_firmwareRange<2405129_000052
hpf2a70aMatch-
Node
hpf2a71a_firmwareRange<2405129_000052
hpf2a71aMatch-
Node
hpf2a67a_firmwareRange<2405129_000052
hpf2a67aMatch-
Node
hpb5l26a_firmwareRange<2405129_000056
hpb5l26aMatch-
Node
hpb5l39a_firmwareRange<2405129_000056
hpb5l39aMatch-
Node
hpc2s11a_firmwareRange<2405129_000055
hpc2s11aMatch-
Node
hpc2s11v_firmwareRange<2405129_000055
hpc2s11vMatch-
Node
hpc2s12a_firmwareRange<2405129_000055
hpc2s12aMatch-
Node
hpc2s12v_firmwareRange<2405129_000055
hpc2s12vMatch-
Node
hpl1h45a_firmwareRange<2405129_000055
hpl1h45aMatch-
Node
hpg1w46a_firmwareRange<2405129_000051
hpg1w46aMatch-
Node
hpg1w46v_firmwareRange<2405129_000051
hpg1w46vMatch-
Node
hpg1w47a_firmwareRange<2405129_000051
hpg1w47aMatch-
Node
hpg1w47v_firmwareRange<2405129_000051
hpg1w47vMatch-
Node
hpl3u44a_firmwareRange<2405129_000051
hpl3u44aMatch-
Node
hpl3u44a_firmwareRange<2405135_000394
hpl3u44aMatch-
Node
hpe6b71a_firmwareRange<2405129_000046
hpe6b71aMatch-
Node
hpe6b73a_firmwareRange<2405129_000046
hpe6b73aMatch-
Node
hpk0q14a_firmwareRange<2405130_000069
hpk0q14aMatch-
Node
hpk0q15a_firmwareRange<2405130_000069
hpk0q15aMatch-
Node
hpk0q17a_firmwareRange<2405130_000069
hpk0q17aMatch-
Node
hpk0q18a_firmwareRange<2405130_000069
hpk0q18aMatch-
Node
hpm0p32a_firmwareRange<2405130_000069
hpm0p32aMatch-
Node
hpk0q19a_firmwareRange<2405130_000069
hpk0q19aMatch-
Node
hpk0q20a_firmwareRange<2405130_000069
hpk0q20aMatch-
Node
hpk0q21a_firmwareRange<2405130_000069
hpk0q21aMatch-
Node
hpk0q22a_firmwareRange<2405130_000069
hpk0q22aMatch-
Node
hpm0p33a_firmwareRange<2405130_000069
hpm0p33aMatch-
Node
hpm0p35a_firmwareRange<2405130_000069
hpm0p35aMatch-
Node
hpm0p36a_firmwareRange<2405130_000069
hpm0p36aMatch-
Node
hpm0p39a_firmwareRange<2405130_000069
hpm0p39aMatch-
Node
hpm0p40a_firmwareRange<2405130_000069
hpm0p40aMatch-
Node
hph0dc9a_firmwareRange<2405129_000047
hph0dc9aMatch-
Node
hpl8z07a_firmwareRange<2405129_000047
hpl8z07aMatch-
Node
hpj7z98a_firmwareRange<2405130_000068
hpj7z98aMatch-
Node
hpj7z99a_firmwareRange<2405130_000068
hpj7z99aMatch-
Node
hpj8a04a_firmwareRange<2405130_000068
hpj8a04aMatch-
Node
hpj8a05a_firmwareRange<2405130_000068
hpj8a05aMatch-
Node
hpj8a06a_firmwareRange<2405130_000068
hpj8a06aMatch-
Node
hpl3u55a_firmwareRange<2405130_000068
hpl3u55aMatch-
Node
hpl3u56a_firmwareRange<2405130_000068
hpl3u56aMatch-
Node
hpl3u57a_firmwareRange<2405130_000068
hpl3u57aMatch-
Node
hpj7z04a_firmwareRange<2405087_018564
hpj7z04aMatch-
Node
hpj7z06a_firmwareRange<2405087_018564
hpj7z06aMatch-
Node
hpcz244a_firmwareRange<2405129_000059
hpcz244aMatch-
Node
hpa2w77a_firmwareRange<2405129_000057
hpa2w77aMatch-
Node
hpcz245a_firmwareRange<2405129_000059
hpcz245aMatch-
Node
hpa2w78a_firmwareRange<2405129_000057
hpa2w78aMatch-
Node
hpa2w79a_firmwareRange<2405129_000057
hpa2w79aMatch-
Node
hpd7p73a_firmwareRange<2405129_000057
hpd7p73aMatch-
Node
hpcf116a_firmwareRange<2405129_000048
hpcf116aMatch-
Node
hpcf117a_firmwareRange<2405129_000048
hpcf117aMatch-
Node
hpcf118a_firmwareRange<2405129_000048
hpcf118aMatch-
Node
hpl3u59a_firmwareRange<2405129_000048
hpl3u59a
Node
hpl3u60aRange<2405129_000048
hpl3u60a
Node
hpf2a76a_firmwareRange<2405129_000039
hpf2a76aMatch-
Node
hpf2a77a_firmwareRange<2405129_000039
hpf2a77aMatch-
Node
hpf2a81a_firmwareRange<2405129_000039
hpf2a81aMatch-
Node
hpf2a78v_firmwareRange<2405129_000039
hpf2a78vMatch-
Node
hpf2a79a_firmwareRange<2405129_000039
hpf2a79aMatch-
Node
hpf2a80a_firmwareRange<2405129_000039
hpf2a80aMatch-
Node
hpcd644a_firmwareRange<2405135_000409
hpcd644aMatch-
Node
hpcd645a_firmwareRange<2405135_000409
hpcd645aMatch-
Node
hpcd646a_firmwareRange<2405129_000045
hpcd646aMatch-
Node
hpl3u46a_firmwareRange<2405129_000045
hpl3u46aMatch-
Node
hpl3u45a_firmwareRange<2405129_000045
hpl3u45aMatch-
Node
hpb5l46a_firmwareRange<2405129_000038
hpb5l46aMatch-
Node
hpb5l47a_firmwareRange<2405129_000038
hpb5l47aMatch-
Node
hpb5l48a_firmwareRange<2405129_000038
hpb5l48aMatch-
Node
hpb5l54a_firmwareRange<2405129_000038
hpb5l54aMatch-
Node
hpb5l49a_firmwareRange<2405129_000038
hpb5l49aMatch-
Node
hpb5l50a_firmwareRange<2405129_000038
hpb5l50aMatch-
Node
hpb5l04a_firmwareRange<2405129_000050
hpb5l04aMatch-
Node
hpb5l05a_firmwareRange<2405129_000050
hpb5l05aMatch-
Node
hpb5l06a_firmwareRange<2405129_000050
hpb5l06aMatch-
Node
hpb5l07a_firmwareRange<2405129_000050
hpb5l07aMatch-
Node
hpl3u40a_firmwareRange<2405129_000050
hpl3u40aMatch-
Node
hpl3u41a_firmwareRange<2405129_000050
hpl3u41aMatch-
Node
hpg1w39a_firmwareRange<2405129_000066
hpg1w39aMatch-
Node
hpg1w39v_firmwareRange<2405129_000066
hpg1w39vMatch-
Node
hpg1w40a_firmwareRange<2405129_000066
hpg1w40aMatch-
Node
hpg1w40v_firmwareRange<2405129_000066
hpg1w40vMatch-
Node
hpg1w41a_firmwareRange<2405129_000066
hpg1w41aMatch-
Node
hpg1w41v_firmwareRange<2405129_000066
hpg1w41vMatch-
Node
hpl3u42a_firmwareRange<2405129_000066
hpl3u42aMatch-
Node
hpl3u43a_firmwareRange<2405129_000066
hpl3u43aMatch-
Node
hpb3g85a_firmwareRange<2405129_000040
hpb3g85aMatch-
Node
hpj7x28a_firmwareRange<2405129_000040
hpj7x28aMatch-
Node
hpb3g84a_firmwareRange<2405129_000040
hpb3g84aMatch-
Node
hpp7z47a_firmwareRange<2405129_000040
hpp7z47aMatch-
Node
hpb3g86a_firmwareRange<2405129_000040
hpb3g86aMatch-
Node
hpl3u61a_firmwareRange<2405129_000040
hpl3u61aMatch-
Node
hpl3u62a_firmwareRange<2405129_000040
hpl3u62aMatch-
Node
hpp7z48a_firmwareRange<2405129_000040
hpp7z48aMatch-
Node
hpj8j64a_firmwareRange<2405129_000041
hpj8j64aMatch-
Node
hpj8j63a_firmwareRange<2405129_000041
hpj8j63aMatch-
Node
hpj8j65a_firmwareRange<2405129_000041
hpj8j65aMatch-
Node
hpj8j70a_firmwareRange<2405129_000041
hpj8j70aMatch-
Node
hpj8j71a_firmwareRange<2405129_000041
hpj8j71aMatch-
Node
hpj8j72a_firmwareRange<2405129_000041
hpj8j72aMatch-
Node
hpj8j76a_firmwareRange<2405129_000041
hpj8j76aMatch-
Node
hpj8j78a_firmwareRange<2405129_000041
hpj8j78aMatch-
Node
hpj8j66a_firmwareRange<2405129_000041
hpj8j66aMatch-
Node
hpj8j67a_firmwareRange<2405129_000041
hpj8j67aMatch-
Node
hpj8j73a_firmwareRange<2405129_000041
hpj8j73aMatch-
Node
hpj8j74a_firmwareRange<2405129_000041
hpj8j74aMatch-
Node
hpj8j79a_firmwareRange<2405129_000041
hpj8j79aMatch-
Node
hpj8j80a_firmwareRange<2405129_000041
hpj8j80aMatch-
Node
hpcz248a_firmwareRange<2405129_000042
hpcz248aMatch-
Node
hpcz249a_firmwareRange<2405129_000042
hpcz249aMatch-
Node
hpcz250a_firmwareRange<2405129_000042
hpcz250aMatch-
Node
hpca251a_firmwareRange<2405129_000042
hpca251aMatch-
Node
hpl3u47a_firmwareRange<2405129_000042
hpl3u47aMatch-
Node
hpl3u48a_firmwareRange<2405129_000042
hpl3u48aMatch-
Node
hpj8a10a_firmwareRange<2405129_000037
hpj8a10aMatch-
Node
hpj8a11a_firmwareRange<2405129_000037
hpj8a11aMatch-
Node
hpj8a12a_firmwareRange<2405129_000037
hpj8a12aMatch-
Node
hpj8a13a_firmwareRange<2405129_000037
hpj8a13aMatch-
Node
hpj8a17a_firmwareRange<2405129_000037
hpj8a17aMatch-
Node
hpj8a16a_firmwareRange<2405129_000037
hpj8a16aMatch-
Node
hpl3u67a_firmwareRange<2405129_000037
hpl3u67aMatch-
Node
hpl3u70a_firmwareRange<2405129_000037
hpl3u70aMatch-
Node
hpl3u66a_firmwareRange<2405129_000037
hpl3u66aMatch-
Node
hpl3u69a_firmwareRange<2405129_000037
hpl3u69aMatch-
Node
hpcf066a_firmwareRange<2405129_000058
hpcf066aMatch-
Node
hpcf067a_firmwareRange<2405129_000058
hpcf067aMatch-
Node
hpcf068a_firmwareRange<2405129_000058
hpcf068aMatch-
Node
hpcf069a_firmwareRange<2405129_000058
hpcf069aMatch-
Node
hpl3u63a_firmwareRange<2405129_000058
hpl3u63aMatch-
Node
hpl3u64a_firmwareRange<2405129_000058
hpl3u64aMatch-
Node
hpcc522a_firmwareRange<2405135_000405
hpcc522aMatch-
Node
hpcc523a_firmwareRange<2405135_000405
hpcc523aMatch-
Node
hpcc524a_firmwareRange<2405135_000405
hpcc524aMatch-
Node
hpl3u49a_firmwareRange<2405135_000405
hpl3u49aMatch-
Node
hpl3u50a_firmwareRange<2405135_000405
hpl3u50aMatch-
Node
hpcf367a_firmwareRange<2405129_000060
hpcf367aMatch-
Node
hpd7p68a_firmwareRange<2405129_000060
hpd7p68aMatch-
Node
hpl3u65a_firmwareRange<2405129_000060
hpl3u65aMatch-
Node
hpa2w76a_firmwareRange<2405129_000054
hpa2w76aMatch-
Node
hpa2w75a_firmwareRange<2405129_000054
hpa2w75aMatch-
Node
hpd7p70a_firmwareRange<2405129_000054
hpd7p70aMatch-
Node
hpd7p71a_firmwareRange<2405129_000054
hpd7p71aMatch-
Node
hpd7p68a_firmwareRange<2405129_000054
hpd7p68aMatch-
Node
hpl3u51a_firmwareRange<2405129_000054
hpl3u51aMatch-
Node
hpl3u52a_firmwareRange<2405129_000054
hpl3u52aMatch-
Node
hpl3u65a_firmwareRange<2405129_000054
hpl3u65aMatch-
Node
hpx3a69a_firmwareRange<2405347_024815
hpx3a69aMatch-
Node
hpx3a68a_firmwareRange<2405347_024815
hpx3a68aMatch-
Node
hpz8z19a_firmwareRange<2405347_024815
hpz8z19aMatch-
Node
hpz8z18a_firmwareRange<2405347_024815
hpz8z18aMatch-
Node
hpx3a72a_firmwareRange<2405347_024815
hpx3a72aMatch-
Node
hpx3a71a_firmwareRange<2405347_024815
hpx3a71aMatch-
Node
hpz8z21a_firmwareRange<2405347_024815
hpz8z21aMatch-
Node
hpz8z20a_firmwareRange<2405347_024815
hpz8z20aMatch-
Node
hpx3a79a_firmwareRange<2405347_024815
hpx3a79aMatch-
Node
hpz8z23a_firmwareRange<2405347_024815
hpz8z23aMatch-
Node
hpz8z22a_firmwareRange<2405347_024815
hpz8z22aMatch-
Node
hpx3a75a_firmwareRange<2405347_024815
hpx3a75aMatch-
Node
hpx3a74a_firmwareRange<2405347_024815
hpx3a74aMatch-
Node
hpx3a59a_firmwareRange<2405347_024821
hpx3a59aMatch-
Node
hpx3a60a_firmwareRange<2405347_024821
hpx3a60aMatch-
Node
hpz8z06a_firmwareRange<2405347_024821
hpz8z06aMatch-
Node
hpz8z07a_firmwareRange<2405347_024821
hpz8z07aMatch-
Node
hpx3a62a_firmwareRange<2405347_024821
hpx3a62aMatch-
Node
hpx3a63a_firmwareRange<2405347_024821
hpx3a63aMatch-
Node
hpz8z09a_firmwareRange<2405347_024821
hpz8z09aMatch-
Node
hpz8z08a_firmwareRange<2405347_024821
hpz8z08aMatch-
Node
hpx3a65a_firmwareRange<2405347_024821
hpx3a65aMatch-
Node
hpx3a66a_firmwareRange<2405347_024821
hpx3a66aMatch-
Node
hpz8z11a_firmwareRange<2405347_024821
hpz8z11aMatch-
Node
hpz8z10a_firmwareRange<2405347_024821
hpz8z10aMatch-
Node
hpx3a87a_firmwareRange<2405347_024814
hpx3a87aMatch-
Node
hpx3a86a_firmwareRange<2405347_024814
hpx3a86aMatch-
Node
hpz8z12a_firmwareRange<2405347_024814
hpz8z12aMatch-
Node
hpz8z13a_firmwareRange<2405347_024814
hpz8z13aMatch-
Node
hpx3a90a_firmwareRange<2405347_024814
hpx3a90aMatch-
Node
hpx3a89a_firmwareRange<2405347_024814
hpx3a89aMatch-
Node
hpz8z14a_firmwareRange<2405347_024814
hpz8z14aMatch-
Node
hpz8z15a_firmwareRange<2405347_024814
hpz8z15aMatch-
Node
hpx3a92a_firmwareRange<2405347_024814
hpx3a92aMatch-
Node
hpx3a93a_firmwareRange<2405347_024814
hpx3a93aMatch-
Node
hpz8z16a_firmwareRange<2405347_024814
hpz8z16aMatch-
Node
hpz8z17a_firmwareRange<2405347_024814
hpz8z17aMatch-
Node
hpx3a78a_firmwareRange<2405347_024820
hpx3a78aMatch-
Node
hpx3a77a_firmwareRange<2405347_024820
hpx3a77aMatch-
Node
hpz8z00a_firmwareRange<2405347_024820
hpz8z00aMatch-
Node
hpz8z01a_firmwareRange<2405347_024820
hpz8z01aMatch-
Node
hpx3a81a_firmwareRange<2405347_024820
hpx3a81aMatch-
Node
hpx3a80a_firmwareRange<2405347_024820
hpx3a80aMatch-
Node
hpz8z02a_firmwareRange<2405347_024820
hpz8z02aMatch-
Node
hpz8z03a_firmwareRange<2405347_024820
hpz8z03aMatch-
Node
hpx3a84a_firmwareRange<2405347_024820
hpx3a84aMatch-
Node
hpx3a83a_firmwareRange<2405347_024820
hpx3a83aMatch-
Node
hpz8z05a_firmwareRange<2405347_024820
hpz8z05aMatch-
Node
hpz8z04a_firmwareRange<2405347_024820
hpz8z04aMatch-
Node
hpl2762a_firmwareRange<2405087_018553
hpl2762aMatch-
Node
hpl2683a_firmwareRange<2405087_018552
hpl2683aMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| hp:f2a70a_firmware | hp f2a70a firmware | lt | 2405129_000052 |
CNA Affected
[
{
"product": "Certain HP Enterprise Printers, HP PageWide Printers, and MFP Products",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "2405129_000052 and other firmware versions"
}
]
}
]References
Related
openvas
openvas
HP Printers CSRF Vulnerability (Oct 2018)
2018-10-09 00:00:00
hp
hp
prion
prion
Cross site request forgery (csrf)
2018-10-03 20:29:00
nvd
nvd
CVE-2018-5921
2018-10-03 20:29:18
cvelist
cvelist
CVE-2018-5921
2018-05-21 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.7%
Related for CVE-2018-5921