Lucene search

HpCVE-2019-6319

HistoryJan 09, 2020 - 8:15 p.m.

CVE-2019-6319

2020-01-0920:15:11

CWE-352

web.nvd.nist.gov

cve-2019-6319

hp deskjet

3630 all-in-one printers

firmware

csrf

dos

device misconfiguration

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

21.2%

JSON

HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

Affected configurations

Nvd

Node

hpdeskjet_3630_f5s43a_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_f5s43aMatch-

Node

hpdeskjet_3630_f5s57a_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_f5s57aMatch-

Node

hpdeskjet_3630_k4t93a_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_k4t93aMatch-

Node

hpdeskjet_3630_k4t99c_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_k4t99cMatch-

Node

hpdeskjet_3630_k4u00b_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_k4u00bMatch-

Node

hpdeskjet_3630_k4u03b_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_k4u03bMatch-

Node

hpdeskjet_3630_v3f21a_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_v3f21aMatch-

Node

hpdeskjet_3630_v3f22a_firmwareRange<swp1fn1912br

AND

hpdeskjet_3630_v3f22aMatch-

VendorProductVersionCPE
hpdeskjet_3630_f5s43a_firmware*cpe:2.3:o:hp:deskjet_3630_f5s43a_firmware:*:*:*:*:*:*:*:*
hpdeskjet_3630_f5s43a-cpe:2.3:h:hp:deskjet_3630_f5s43a:-:*:*:*:*:*:*:*
hpdeskjet_3630_f5s57a_firmware*cpe:2.3:o:hp:deskjet_3630_f5s57a_firmware:*:*:*:*:*:*:*:*
hpdeskjet_3630_f5s57a-cpe:2.3:h:hp:deskjet_3630_f5s57a:-:*:*:*:*:*:*:*
hpdeskjet_3630_k4t93a_firmware*cpe:2.3:o:hp:deskjet_3630_k4t93a_firmware:*:*:*:*:*:*:*:*
hpdeskjet_3630_k4t93a-cpe:2.3:h:hp:deskjet_3630_k4t93a:-:*:*:*:*:*:*:*
hpdeskjet_3630_k4t99c_firmware*cpe:2.3:o:hp:deskjet_3630_k4t99c_firmware:*:*:*:*:*:*:*:*
hpdeskjet_3630_k4t99c-cpe:2.3:h:hp:deskjet_3630_k4t99c:-:*:*:*:*:*:*:*
hpdeskjet_3630_k4u00b_firmware*cpe:2.3:o:hp:deskjet_3630_k4u00b_firmware:*:*:*:*:*:*:*:*
hpdeskjet_3630_k4u00b-cpe:2.3:h:hp:deskjet_3630_k4u00b:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	deskjet_3630_f5s43a_firmware	*	cpe:2.3:o:hp:deskjet_3630_f5s43a_firmware::::::::
hp	deskjet_3630_f5s43a	-	cpe:2.3:h:hp:deskjet_3630_f5s43a:-:::::::*
hp	deskjet_3630_f5s57a_firmware	*	cpe:2.3:o:hp:deskjet_3630_f5s57a_firmware::::::::
hp	deskjet_3630_f5s57a	-	cpe:2.3:h:hp:deskjet_3630_f5s57a:-:::::::*
hp	deskjet_3630_k4t93a_firmware	*	cpe:2.3:o:hp:deskjet_3630_k4t93a_firmware::::::::
hp	deskjet_3630_k4t93a	-	cpe:2.3:h:hp:deskjet_3630_k4t93a:-:::::::*
hp	deskjet_3630_k4t99c_firmware	*	cpe:2.3:o:hp:deskjet_3630_k4t99c_firmware::::::::
hp	deskjet_3630_k4t99c	-	cpe:2.3:h:hp:deskjet_3630_k4t99c:-:::::::*
hp	deskjet_3630_k4u00b_firmware	*	cpe:2.3:o:hp:deskjet_3630_k4u00b_firmware::::::::
hp	deskjet_3630_k4u00b	-	cpe:2.3:h:hp:deskjet_3630_k4u00b:-:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "HP DeskJet 3630 All-in-One Printer series",
    "vendor": "HP Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "F5S43A - F5S57A"
      },
      {
        "status": "affected",
        "version": "K4T93A - K4T99C"
      },
      {
        "status": "affected",
        "version": "K4U00B - K4U03B"
      },
      {
        "status": "affected",
        "version": "V3F21A - V3F22A"
      }
    ]
  }
]

References

support.hp.com/us-en/document/c06308143

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

21.2%

JSON

Related for CVE-2019-6319