Vulnerability CVE-2018-5921


Published: 2018-10-03

Description:
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: HP
Product: J7x28a firmware 
Version: _2308214_000912;
Product: E6b71a firmware 
Version: _2308214_000908;
Product: Cc522a firmware 
Version: 2308214_000932;
Product: Cc523a firmware 
Version: 2308214_000932;
Product: Cc524a firmware 
Version: 2308214_000932;
Product: A2w77a firmware 
Version: 2308214_000930;
Product: A2w78a firmware 
Version: 2308214_000930;
Product: A2w79a firmware 
Version: 2308214_000930;
Product: D7p70a firmware 
Version: 2308214_000928;
Product: D7p71a firmware 
Version: 2308214_000928;
Product: A2w75a firmware 
Version: 2308214_000928;
Product: A2w76a firmware 
Version: 2308214_000928;
Product: Cd644a firmware 
Version: 2308214_000925;
Product: Cd645a firmware 
Version: 2308214_000925;
Product: Cd646a firmware 
Version: 2308214_000925;
Product: G1w41a firmware 
Version: 2308214_000923;
Product: L3u42a firmware 
Version: 2308214_000923;
Product: L3u43a firmware 
Version: 2308214_000923;
Product: G1w39a firmware 
Version: 2308214_000923;
Product: G1w40a firmware 
Version: 2308214_000923;
Product: Cf069a firmware 
Version: 2308214_000921;
Product: Cf066a firmware 
Version: 2308214_000921;
Product: Cf067a firmware 
Version: 2308214_000921;
Product: Cf068a firmware 
Version: 2308214_000921;
Product: Cz244a firmware 
Version: 2308214_000920;
Product: Cz245a firmware 
Version: 2308214_000920;
Product: Cf367a firmware 
Version: 2308214_000916;
Product: Cf116a firmware 
Version: 2308214_000913;
Product: Cf117a firmware 
Version: 2308214_000913;
Product: Cf118a firmware 
Version: 2308214_000913;
Product: B3g85a firmware 
Version: 2308214_000912;
Product: G1w46a firmware 
Version: 2308214_000910;
Product: G1w46v firmware 
Version: 2308214_000910;
Product: L3u44a firmware 
Version: 2308214_000910;
Product: G1w47a firmware 
Version: 2308214_000910;
Product: G1w47v firmware 
Version: 2308214_000910;
Product: B5l46a firmware 
Version: 2308214_000909;
Product: B5l47a firmware 
Version: 2308214_000909;
Product: B5l48a firmware 
Version: 2308214_000909;
Product: E6b73a firmware 
Version: 2308214_000908;
Product: B5l26a firmware 
Version: 2308214_000907;
Product: C2s11a firmware 
Version: 2308214_000906;
Product: C2s12a firmware 
Version: 2308214_000906;
Product: F2a76a firmware 
Version: 2308214_000905;
Product: F2a77a firmware 
Version: 2308214_000905;
Product: F2a81a firmware 
Version: 2308214_000905;
Product: B5l07a firmware 
Version: 2308214_000902;
Product: B5l04a firmware 
Version: 2308214_000902;
Product: B5l05a firmware 
Version: 2308214_000902;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://support.hp.com/us-en/document/c05949322

Related CVE
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10...
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installe...
CVE-2018-7111
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th...
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.

Copyright 2019, cxsecurity.com

 

Back to Top