CVE-2009-0940

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

Affected products

• HP / 8100c_digital_sender
• HP / 9100c_digital_sender
• HP / 9200c_digital_sender
• HP / 9250c_digital_sender
• HP / color_laserjet
• HP / color_laserjet_1500
• HP / color_laserjet_2500
• HP / color_laserjet_2500l
• HP / color_laserjet_2500lse
• HP / color_laserjet_2500n
• HP / color_laserjet_2500tn
• HP / color_laserjet_2605dtn
• HP / color_laserjet_4370mfp20081211_46.211.2 – 20081211_46.211.2
• HP / color_laserjet_4600
• HP / color_laserjet_4600dn
• HP / color_laserjet_4600dtn
• HP / color_laserjet_4600hdn
• HP / color_laserjet_4650
• HP / color_laserjet_4700
• HP / color_laserjet_4730_mfp
• HP / color_laserjet_5500
• HP / color_laserjet_5550
• HP / color_laserjet_8500
• HP / color_laserjet_8550
• HP / color_laserjet_9500
• HP / color_laserjet_9500_mfp
• HP / color_laserjet_9500mfp20070719_05.011.2 – 20070719_05.011.2
• HP / color_mfp_cm8050
• HP / color_mfp_cm8060
• HP / digital_senders
• HP / edgeline_printers
• HP / laserjet_1000
• HP / laserjet_1005
• HP / laserjet_1010
• HP / laserjet_1012
• HP / laserjet_1015
• HP / laserjet_1018
• HP / laserjet_1018s
• HP / laserjet_1020
• HP / laserjet_1020_plus
• HP / laserjet_1022
• HP / laserjet_1022n
• HP / laserjet_1022nw
• HP / laserjet_1100
• HP / laserjet_1150
• HP / laserjet_1160
• HP / laserjet_1200
• HP / laserjet_1300
• HP / laserjet_1320
• HP / laserjet_2
• HP / laserjet_2000
• HP / laserjet_2100
• HP / laserjet_2200
• HP / laserjet_2200dtn
• HP / laserjet_2300
• HP / laserjet_2300dn
• HP / laserjet_2400
• HP / laserjet_241020070410_08.112.3 – 20070410_08.112.3
• HP / laserjet_242020070410_08.112.3 – 20070410_08.112.3
• HP / laserjet_2430
• HP / laserjet_243020070410_08.112.3 – 20070410_08.112.3
• HP / laserjet_2500
• HP / laserjet_2500c
• HP / laserjet_2600c
• HP / laserjet_2600n
• HP / laserjet_3000
• HP / laserjet_3700
• HP / laserjet_4
• HP / laserjet_4000
• HP / laserjet_4000n
• HP / laserjet_4050
• HP / laserjet_4100
• HP / laserjet_4100_mfp
• HP / laserjet_4100mfp
• HP / laserjet_4200
• HP / laserjet_4200dtn
• HP / laserjet_4200ln
• HP / laserjet_4240
• HP / laserjet_4240n
• HP / laserjet_425020080319_08.015.0 – 20080319_08.015.0
• HP / laserjet_4250
• HP / laserjet_4300
• HP / laserjet_4345_mfp
• HP / laserjet_4345mfp20081211_09.131.1 – 20081211_09.131.1
• HP / laserjet_4350
• HP / laserjet_435020080319_08.015.0 – 20080319_08.015.0
• HP / laserjet_4350dtn
• HP / laserjet_4/4m
• HP / laserjet_4650dn
• HP / laserjet_4l/ml
• HP / laserjet_4m_plus
• HP / laserjet_4_plus/m_plus
• HP / laserjet_4p/mp
• HP / laserjet_4si
• HP / laserjet_4v/mv
• HP / laserjet_5
• HP / laserjet_5000r.25.15 – r.25.15
• HP / laserjet_5000r.25.47 – r.25.47
• HP / laserjet_5000
• HP / laserjet_500_plus
• HP / laserjet_5100v.29.12 – v.29.12
• HP / laserjet_5100
• HP / laserjet_5100dtn
• HP / laserjet_5200
• HP / laserjet_5l
• HP / laserjet_5m
• HP / laserjet_5/m/n
• HP / laserjet_5p/mp
• HP / laserjet_5si
• HP / laserjet_8000
• HP / laserjet_8100
• HP / laserjet_8150
• HP / laserjet_8150dn
• HP / laserjet_9000
• HP / laserjet_9000_mfp
• HP / laserjet_9000mfp
• HP / laserjet_9040
• HP / laserjet_904020080204_08.110.0 – 20080204_08.110.0
• HP / laserjet_9040mfp
• HP / laserjet_9040mfp20080204_08.110.0 – 20080204_08.110.0
• HP / laserjet_9050
• HP / laserjet_905020080204_08.110.0 – 20080204_08.110.0
• HP / laserjet_9050_mfp
• HP / laserjet_9050mfp
• HP / laserjet_9050mfp20080204_08.110.0 – 20080204_08.110.0
• HP / laserjet_9055
• HP / laserjet_9065
• HP / laserjet_9500
• HP / laserjet_9500mfp
• HP / laserjet_ii
• HP / laserjet_iid
• HP / laserjet_iii
• HP / laserjet_iiid
• HP / laserjet_iiip
• HP / laserjet_iiisi
• HP / laserjet_iip
• HP / laserjet_iip_plus
• HP / laserjet_m1522n_mfp
• HP / laserjet_m3027_mfp
• HP / laserjet_m3035_mfp
• HP / laserjet_m4345_mfp
• HP / laserjet_m5025_mfp
• HP / laserjet_m5035_mfp
• HP / laserjet_p1000
• HP / laserjet_p1005
• HP / laserjet_p1006
• HP / laserjet_p1007
• HP / laserjet_p1008
• HP / laserjet_p1009
• HP / laserjet_p1500
• HP / laserjet_p1505
• HP / laserjet_p1505n
• HP / laserjet_p2000
• HP / laserjet_p2010
• HP / laserjet_p2015
• HP / laserjet_p2030
• HP / laserjet_p2050
• HP / laserjet_p3000
• HP / laserjet_p3005
• HP / laserjet_p4010
• HP / laserjet_p4014
• HP / laserjet_p4015
• HP / laserjet_p4500
• HP / laserjet_p4510

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/0754
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
• MISChttp://osvdb.org/52848
• MISChttp://www.securityfocus.com/bid/34143
• MISChttp://osvdb.org/52849
• MISChttp://www.securityfocus.com/archive/1/501884/100/0/threaded
• MISChttp://www.louhinetworks.fi/advisory/HP_20090317.txt
• MISChttp://osvdb.org/52847