Overview
Hewlett Packard (HP) printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request.
Description
HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the administrative account password in an SNMP variable that can be read by any remote user that knows the address of the printer and the location of the variable. The location of the variable is unchanging.
Impact
Attackers can obtain sensitive information and gain unauthorized access to the printer.
Solution
Apply a patch
Update to firmware version X.22.09 or later.
Acknowledgements
Thanks to Phenoelit for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
CVE IDs: CVE-2002-1048
Severity Metric: 1.71
Date Public: 2002-07-27
Date First Published: 2002-09-16
Date Last Updated: 2004-02-23 22:24 UTC
Document Revision: 6