Details of VAR-200303-0126

ID

VAR-200303-0126

TITLE

HP JetDirect Printer SNMP JetAdmin Device Password Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2003-0637 // BID: 7001

DESCRIPTION

The JetDirect printer is a printer with integrated network capabilities developed by Hewlett Packard. The HP JetDirect printer does not properly handle certain SNMP GET requests, which can be exploited by remote attackers to obtain printer device passwords and change printer settings. The attacker sends a special SNMP GET request to the printer with this vulnerability. The printer returns a hexadecimal device password to the requester, which allows the remote user to access and change the printer's configuration settings. This vulnerability is different from the \"HP JetDirect Printer SNMP GET Get Administrator Password Remote Vulnerability\" ( http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=3172 ). The requested OID is different. It has been reported that HP JetDirect printers leak the web JetAdmin device password under some circumstances

Trust: 0.81

sources: CNVD: CNVD-2003-0637 // BID: 7001

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-0637

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	jetdirect	scope:	eq	version:	300.0x	Trust: 0.3
vendor:	hp	model:	jetdirect j3263a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3113a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3110a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2591a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2552b	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2552a	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-0637 // BID: 7001

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-0637
value:	LOW
Trust: 0.6

CNVD:	CNVD-2003-0637
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-0637

THREAT TYPE

network

Trust: 0.3

sources: BID: 7001

TYPE

Design Error

Trust: 0.3

sources: BID: 7001

PATCH

title:

Patch for HP JetDirect Printer SNMP JetAdmin Device Password Disclosure Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/42055

Trust: 0.6

sources: CNVD: CNVD-2003-0637

EXTERNAL IDS

db:	BID	id:	7001	Trust: 0.9
db:	CNVD	id:	CNVD-2003-0637	Trust: 0.6

sources: CNVD: CNVD-2003-0637 // BID: 7001

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104670979906626&w=2	Trust: 0.6
url:	http://www.securityfocus.com/bid/7001	Trust: 0.6
url:	/archive/1/313618	Trust: 0.3

sources: CNVD: CNVD-2003-0637 // BID: 7001

CREDITS

Discovery of this vulnerability has been credited to Sven Pechler <helpdesk@tm.tue.nl>.

Trust: 0.3

sources: BID: 7001

SOURCES

db:	CNVD	id:	CNVD-2003-0637
db:	BID	id:	7001

LAST UPDATE DATE

2022-05-17T02:08:45.664000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-0637	date:	2014-01-20T00:00:00
db:	BID	id:	7001	date:	2003-03-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-0637	date:	2003-03-03T00:00:00
db:	BID	id:	7001	date:	2003-03-03T00:00:00