Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

INFO

Published Date: March 18, 2009, 9 p.m.
Last Modified: Oct. 10, 2018, 7:32 p.m.
Remotely Exploitable: Yes
Impact Score: 6.4
Exploitability Score: 4.9

Affected Products

The following products are affected by the CVE-2009-0940 vulnerability. Even if cvefeed.io is aware of the exact versions of the affected products, that information is not shown in the table below.

ID Vendor Product
1 Hp 9200c_digital_sender
2 Hp color_laserjet_4370mfp
3 Hp color_laserjet_9500mfp
4 Hp laserjet_2410
5 Hp laserjet_2420
6 Hp laserjet_2430
7 Hp laserjet_4250
8 Hp laserjet_4345mfp
9 Hp laserjet_4350
10 Hp laserjet_9040
11 Hp laserjet_9040mfp
12 Hp laserjet_9050
13 Hp laserjet_9050mfp
14 Hp 8100c_digital_sender
15 Hp 9100c_digital_sender
16 Hp 9250c_digital_sender
17 Hp color_laserjet
18 Hp color_laserjet_1500
19 Hp color_laserjet_2500
20 Hp color_laserjet_2500l
21 Hp color_laserjet_2500lse
22 Hp color_laserjet_2500n
23 Hp color_laserjet_2500tn
24 Hp color_laserjet_2605dtn
25 Hp color_laserjet_4600
26 Hp color_laserjet_4600dn
27 Hp color_laserjet_4600dtn
28 Hp color_laserjet_4600hdn
29 Hp color_laserjet_4650
30 Hp color_laserjet_4700
31 Hp color_laserjet_4730_mfp
32 Hp color_laserjet_5500
33 Hp color_laserjet_5550
34 Hp color_laserjet_8500
35 Hp color_laserjet_8550
36 Hp color_laserjet_9500
37 Hp color_laserjet_9500_mfp
38 Hp color_mfp_cm8050
39 Hp color_mfp_cm8060
40 Hp digital_senders
41 Hp edgeline_printers
42 Hp laserjet_1000
43 Hp laserjet_1005
44 Hp laserjet_1010
45 Hp laserjet_1012
46 Hp laserjet_1015
47 Hp laserjet_1018
48 Hp laserjet_1018s
49 Hp laserjet_1020
50 Hp laserjet_1020_plus
51 Hp laserjet_1022
52 Hp laserjet_1022n
53 Hp laserjet_1022nw
54 Hp laserjet_1100
55 Hp laserjet_1150
56 Hp laserjet_1160
57 Hp laserjet_1200
58 Hp laserjet_1300
59 Hp laserjet_1320
60 Hp laserjet_2
61 Hp laserjet_2000
62 Hp laserjet_2100
63 Hp laserjet_2200
64 Hp laserjet_2200dtn
65 Hp laserjet_2300
66 Hp laserjet_2300dn
67 Hp laserjet_2400
68 Hp laserjet_2500
69 Hp laserjet_2500c
70 Hp laserjet_2600c
71 Hp laserjet_2600n
72 Hp laserjet_3000
73 Hp laserjet_3700
74 Hp laserjet_4
75 Hp laserjet_4\/4m
76 Hp laserjet_4_plus\/m_plus
77 Hp laserjet_4000
78 Hp laserjet_4000n
79 Hp laserjet_4050
80 Hp laserjet_4100
81 Hp laserjet_4100_mfp
82 Hp laserjet_4100mfp
83 Hp laserjet_4200
84 Hp laserjet_4200dtn
85 Hp laserjet_4200ln
86 Hp laserjet_4240
87 Hp laserjet_4240n
88 Hp laserjet_4300
89 Hp laserjet_4345_mfp
90 Hp laserjet_4350dtn
91 Hp laserjet_4650dn
92 Hp laserjet_4l\/ml
93 Hp laserjet_4m_plus
94 Hp laserjet_4p\/mp
95 Hp laserjet_4si
96 Hp laserjet_4v\/mv
97 Hp laserjet_5
98 Hp laserjet_5\/m\/n
99 Hp laserjet_500_plus
100 Hp laserjet_5000
101 Hp laserjet_5100
102 Hp laserjet_5100dtn
103 Hp laserjet_5200
104 Hp laserjet_5l
105 Hp laserjet_5m
106 Hp laserjet_5p\/mp
107 Hp laserjet_5si
108 Hp laserjet_8000
109 Hp laserjet_8100
110 Hp laserjet_8150
111 Hp laserjet_8150dn
112 Hp laserjet_9000
113 Hp laserjet_9000_mfp
114 Hp laserjet_9000mfp
115 Hp laserjet_9050_mfp
116 Hp laserjet_9055
117 Hp laserjet_9065
118 Hp laserjet_9500
119 Hp laserjet_9500mfp
120 Hp laserjet_ii
121 Hp laserjet_iid
122 Hp laserjet_iii
123 Hp laserjet_iiid
124 Hp laserjet_iiip
125 Hp laserjet_iiisi
126 Hp laserjet_iip
127 Hp laserjet_iip_plus
128 Hp laserjet_m1522n_mfp
129 Hp laserjet_m3027_mfp
130 Hp laserjet_m3035_mfp
131 Hp laserjet_m4345_mfp
132 Hp laserjet_m5025_mfp
133 Hp laserjet_m5035_mfp
134 Hp laserjet_p1000
135 Hp laserjet_p1005
136 Hp laserjet_p1006
137 Hp laserjet_p1007
138 Hp laserjet_p1008
139 Hp laserjet_p1009
140 Hp laserjet_p1500
141 Hp laserjet_p1505
142 Hp laserjet_p1505n
143 Hp laserjet_p2000
144 Hp laserjet_p2010
145 Hp laserjet_p2015
146 Hp laserjet_p2030
147 Hp laserjet_p2050
148 Hp laserjet_p3000
149 Hp laserjet_p3005
150 Hp laserjet_p4010
151 Hp laserjet_p4014
152 Hp laserjet_p4015
153 Hp laserjet_p4500
154 Hp laserjet_p4510

The following table lists the changes that have been made to the CVE-2009-0940 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Oct. 10, 2018

    Action Type Old Value New Value
    Removed Reference http://www.securityfocus.com/archive/1/archive/1/501884/100/0/threaded [Exploit]
    Added Reference http://www.securityfocus.com/archive/1/501884/100/0/threaded [No Types Assigned]
  • Initial Analysis by [email protected]

    Mar. 19, 2009

    Action Type Old Value New Value
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2009-0940 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2009-0940 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.73 0.00%

score

0.77690

percentile
