Vulnerability CVE-2013-4828


Published: 2013-10-04   Modified: 2013-10-07

Description:
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.

Type:

CWE-310

(Cryptographic Issues)

Vendor: HP
Product: Color laserjet m775dn 
Product: Color laserjet cm4540 
Product: Laserjet m725dn 
Product: Laserjet m4555f 
Product: Color laserjet m775z 
Product: Color laserjet cm4540fskm 
Product: Laserjet m725z 
Product: Laserjet m4555h 
Product: Laserjet enterprise color flow m575c 
Product: Color laserjet m575f 
Product: Scanjet enterprise 8500fn1 
Product: Laserjet m525f 
Product: Laserjet m4555 
Product: Color laserjet m775f 
Product: Color laserjet cm4540f 
Product: Laserjet m725f 
Product: Laserjet m4555fskm 
Product: Color laserjet m775z+ 
Product: Color laserjet m575dn 
Product: Laserjet m725z+ 
Product: Laserjet m525dn 
Product: Laserjet flow m525c 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014

Related CVE
CVE-2019-6329
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
CVE-2019-6328
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-11986
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11985
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11984
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11983
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11982
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11980
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Copyright 2019, cxsecurity.com

 

Back to Top