Vulnerability Summary for CVE-2009-0941

Original release date: 03/18/2009
Last revised: 10/13/2009
Source: US-CERT/NIST

Overview

The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.6 HIGH
Impact Subscore: 10.0
Exploitability Subscore: 4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

  • External Source: VUPEN. Name: ADV-2009-0754
  • External Source: BUGTRAQ. Name: 20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration
  • External Source: HP. Name: HPSN-2009-001. Type: Advisory
  • External Source: MISC. Name: http://www.louhinetworks.fi/advisory/HP_20090317.txt

Vulnerable software and versions

Configuration 1 (OR):
cpe:/h:hp:color_laserjet_1500
cpe:/h:hp:color_laserjet_2500n
cpe:/h:hp:laserjet_2300dn
cpe:/h:hp:color_laserjet_2500lse
cpe:/h:hp:laserjet_2200dtn
cpe:/h:hp:color_laserjet_2500l
cpe:/h:hp:color_laserjet_2500
cpe:/h:hp:color_laserjet_5550
cpe:/h:hp:color_laserjet_8500
cpe:/h:hp:color_laserjet_8550
cpe:/h:hp:color_laserjet
cpe:/h:hp:laserjet_2410:20070410_08.112.3
cpe:/h:hp:laserjet_2430
cpe:/h:hp:laserjet_2420:20070410_08.112.3
cpe:/h:hp:laserjet_2430:20070410_08.112.3
cpe:/h:hp:color_laserjet_9500mfp:20070719_05.011.2
cpe:/h:hp:laserjet_2200
cpe:/h:hp:color_laserjet_4370mfp:20081211_46.211.2
cpe:/h:hp:color_laserjet_2500tn
cpe:/h:hp:color_laserjet_4600
cpe:/h:hp:color_laserjet_9500_mfp
cpe:/h:hp:color_laserjet_4700
cpe:/h:hp:color_laserjet_4650
cpe:/h:hp:color_laserjet_9500
cpe:/h:hp:color_laserjet_4730_mfp
cpe:/h:hp:laserjet_4
cpe:/h:hp:laserjet_4000
cpe:/h:hp:laserjet_2600n
cpe:/h:hp:laserjet_2600c
cpe:/h:hp:laserjet_2500c
cpe:/h:hp:laserjet_4200ln
cpe:/h:hp:laserjet_4100mfp
cpe:/h:hp:laserjet_9000mfp
cpe:/h:hp:laserjet_4345_mfp
cpe:/h:hp:laserjet_4m_plus
cpe:/h:hp:laserjet_5
cpe:/h:hp:laserjet_5100
cpe:/h:hp:laserjet_5m
cpe:/h:hp:laserjet_2500
cpe:/h:hp:laserjet_4250:20080319_08.015.0
cpe:/h:hp:laserjet_4300
cpe:/h:hp:laserjet_4200
cpe:/h:hp:laserjet_4350:20080319_08.015.0
cpe:/h:hp:laserjet_5000:r.25.15
cpe:/h:hp:laserjet_9000_mfp
cpe:/h:hp:laserjet_9000
cpe:/h:hp:laserjet_3000
cpe:/h:hp:laserjet_4100_mfp
cpe:/h:hp:laserjet_9040mfp
cpe:/h:hp:laserjet_3700
cpe:/h:hp:laserjet_9040:20080204_08.110.0
cpe:/h:hp:laserjet_4345mfp:20081211_09.131.1
cpe:/h:hp:laserjet_5000:r.25.47
cpe:/h:hp:laserjet_5100:v.29.12
cpe:/h:hp:laserjet_5000
cpe:/h:hp:laserjet_4650dn
cpe:/h:hp:laserjet_5100dtn
cpe:/h:hp:laserjet_4050
cpe:/h:hp:laserjet_4000n
cpe:/h:hp:laserjet_4350dtn
cpe:/h:hp:laserjet_8150dn
cpe:/h:hp:laserjet_9500mfp
cpe:/h:hp:laserjet_9050:20080204_08.110.0
cpe:/h:hp:laserjet_9050mfp:20080204_08.110.0
cpe:/h:hp:laserjet_9050mfp
cpe:/h:hp:laserjet_9500
cpe:/h:hp:laserjet_9065
cpe:/h:hp:laserjet_9040mfp:20080204_08.110.0
cpe:/h:hp:laserjet_9050
cpe:/h:hp:laserjet_9055
cpe:/h:hp:laserjet_m5035_mfp
cpe:/h:hp:laserjet_m5025_mfp
cpe:/h:hp:laserjet_m3035_mfp
cpe:/h:hp:laserjet_m3027_mfp
cpe:/h:hp:laserjet_m4345_mfp
cpe:/h:hp:laserjet_9050_mfp
cpe:/h:hp:digital_senders
cpe:/h:hp:edgeline_printers
cpe:/h:hp:laserjet_m1522n_mfp
cpe:/h:hp:color_laserjet_2605dtn
cpe:/h:hp:color_mfp_cm8060:-:-:edgeline
cpe:/h:hp:color_mfp_cm8050:-:-:edgeline
cpe:/h:hp:9200c_digital_sender:-
cpe:/h:hp:8100c_digital_sender:-
cpe:/h:hp:9100c_digital_sender:-
cpe:/h:hp:9250c_digital_sender:-
cpe:/h:hp:color_laserjet_4600hdn
cpe:/h:hp:color_laserjet_4600dtn
cpe:/h:hp:color_laserjet_4600dn
cpe:/h:hp:color_laserjet_5500
cpe:/h:hp:laserjet_9040
cpe:/h:hp:laserjet_4200dtn
cpe:/h:hp:laserjet_p1005
cpe:/h:hp:laserjet_p1006
cpe:/h:hp:laserjet_p1007
cpe:/h:hp:laserjet_p1008
cpe:/h:hp:laserjet_p1009
cpe:/h:hp:laserjet_p1505
cpe:/h:hp:laserjet_p1505n
cpe:/h:hp:laserjet_p2010
cpe:/h:hp:laserjet_p2015
cpe:/h:hp:laserjet_p2030
cpe:/h:hp:laserjet_p3005
cpe:/h:hp:laserjet_p4014
cpe:/h:hp:laserjet_p4015
cpe:/h:hp:laserjet_p4510
cpe:/h:hp:laserjet_p4500
cpe:/h:hp:laserjet_p4010
cpe:/h:hp:laserjet_p3000
cpe:/h:hp:laserjet_p2000
cpe:/h:hp:laserjet_p1500
cpe:/h:hp:laserjet_p1000
cpe:/h:hp:laserjet_1000
cpe:/h:hp:laserjet_1005
cpe:/h:hp:laserjet_1010
cpe:/h:hp:laserjet_1012
cpe:/h:hp:laserjet_1015
cpe:/h:hp:laserjet_1018
cpe:/h:hp:laserjet_1018s
cpe:/h:hp:laserjet_1020
cpe:/h:hp:laserjet_1022
cpe:/h:hp:laserjet_1022n
cpe:/h:hp:laserjet_1022nw
cpe:/h:hp:laserjet_1020_plus
cpe:/h:hp:laserjet_1100
cpe:/h:hp:laserjet_1150
cpe:/h:hp:laserjet_1160
cpe:/h:hp:laserjet_1200
cpe:/h:hp:laserjet_1300
cpe:/h:hp:laserjet_1320
cpe:/h:hp:laserjet_2000
cpe:/h:hp:laserjet_2100
cpe:/h:hp:laserjet_2300
cpe:/h:hp:laserjet_2400
cpe:/h:hp:laserjet_4100
cpe:/h:hp:laserjet_4240
cpe:/h:hp:laserjet_4240n
cpe:/h:hp:laserjet_4250
cpe:/h:hp:laserjet_4350
cpe:/h:hp:laserjet_5200
cpe:/h:hp:laserjet_8000
cpe:/h:hp:laserjet_8100
cpe:/h:hp:laserjet_8150
cpe:/h:hp:laserjet_p2050
cpe:/h:hp:laserjet_5%2fm%2fn
cpe:/h:hp:laserjet_2
cpe:/h:hp:laserjet_500_plus
cpe:/h:hp:laserjet_iid
cpe:/h:hp:laserjet_iip_plus
cpe:/h:hp:laserjet_iip
cpe:/h:hp:laserjet_ii
cpe:/h:hp:laserjet_iiisi
cpe:/h:hp:laserjet_iiip
cpe:/h:hp:laserjet_iiid
cpe:/h:hp:laserjet_iii
cpe:/h:hp:laserjet_4p%2fmp
cpe:/h:hp:laserjet_4si
cpe:/h:hp:laserjet_4l%2fml
cpe:/h:hp:laserjet_4%2f4m
cpe:/h:hp:laserjet_4_plus%2fm_plus
cpe:/h:hp:laserjet_4v%2fmv
cpe:/h:hp:laserjet_5si
cpe:/h:hp:laserjet_5l
cpe:/h:hp:laserjet_5p%2fmp


Technical Details

Vulnerability Type
  • Permissions, Privileges, and Access Control (CWE-264)