Strix
26.1K

CVE-2009-0940

UnknownEPSS 1.08%

Last modified

CVE-2009-0940 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

Metrics

EPSS Probability
1.08%

60.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Hp8100c Digital SenderAll versions
Hp9100c Digital SenderAll versions
Hp9200c Digital SenderAll versions
Hp9250c Digital SenderAll versions
HpColor LaserjetAll versions
HpColor Laserjet 1500All versions
HpColor Laserjet 2500All versions
HpColor Laserjet 2500lAll versions
HpColor Laserjet 2500lseAll versions
HpColor Laserjet 2500nAll versions
HpColor Laserjet 2500tnAll versions
HpColor Laserjet 2605dtnAll versions
HpColor Laserjet 4370mfp20081211_46.211.2
HpColor Laserjet 4600All versions
HpColor Laserjet 4600dnAll versions
HpColor Laserjet 4600dtnAll versions
HpColor Laserjet 4600hdnAll versions
HpColor Laserjet 4650All versions
HpColor Laserjet 4700All versions
HpColor Laserjet 4730 MfpAll versions
HpColor Laserjet 5500All versions
HpColor Laserjet 5550All versions
HpColor Laserjet 8500All versions
HpColor Laserjet 8550All versions
HpColor Laserjet 9500All versions
HpColor Laserjet 9500 MfpAll versions
HpColor Laserjet 9500mfp20070719_05.011.2
HpColor Mfp Cm8050All versions
HpColor Mfp Cm8060All versions
HpDigital SendersAll versions
HpEdgeline PrintersAll versions
HpLaserjet 1000All versions
HpLaserjet 1005All versions
HpLaserjet 1010All versions
HpLaserjet 1012All versions
HpLaserjet 1015All versions
HpLaserjet 1018All versions
HpLaserjet 1018sAll versions
HpLaserjet 1020All versions
HpLaserjet 1020 PlusAll versions
HpLaserjet 1022All versions
HpLaserjet 1022nAll versions
HpLaserjet 1022nwAll versions
HpLaserjet 1100All versions
HpLaserjet 1150All versions
HpLaserjet 1160All versions
HpLaserjet 1200All versions
HpLaserjet 1300All versions
HpLaserjet 1320All versions
HpLaserjet 2All versions

Showing 50 of 164 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0940?
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
How severe is CVE-2009-0940?
Severity scoring for CVE-2009-0940 is pending analysis. The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0940?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0940?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST