CVE-2019-6325

Published: Jun 17, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.

Affected (10)

Products: Hp: T6b80a Firmware, T6b83a Firmware, T6b81a Firmware, T6b82a Firmware, W2g54a Firmware, W2g55a Firmware, Y5s53a Firmware, Y5s55a Firmware, Y5s50a Firmware, Y5s54a Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b80a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b80a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b83a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b83a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b81a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b81a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b82a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b82a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp W2g54a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp W2g54a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp W2g55a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp W2g55a	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s53a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s53a	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s55a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s55a	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s50a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s50a	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s54a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s54a	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.hp.com/us-en/document/c06356322

Source: hp-security-alert@hp.com

Vendor Advisory

https://support.hp.com/us-en/document/c06356322

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.