Details of VAR-201308-0275

ID

VAR-201308-0275

CVE

CVE-2013-4807

TITLE

plural HP LaserJet Pro Vulnerabilities that modify data in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-003650

DESCRIPTION

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors. plural HP LaserJet Pro Vulnerabilities exist in vulnerabilities that alter data.Data may be changed by third parties. The HP LaserJet Pro is a laser printer device developed by Hewlett Packard. Multiple HP LaserJet Pro products have security vulnerabilities that allow malicious users to bypass some security restrictions and gain unauthorized access to restricted data. Technical details are currently unavailable. We will update this BID as soon as more information becomes available. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Vulnerabilities exist in the following products and versions: P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, CP1025nw using firmware versions earlier than 2013-07-26 and version 20130703

Trust: 2.52

sources: NVD: CVE-2013-4807 // JVNDB: JVNDB-2013-003650 // CNVD: CNVD-2013-11494 // BID: 61565 // VULHUB: VHN-64809

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-11494

AFFECTED PRODUCTS

vendor:	hp	model:	laserjet pro m1212nf mfp	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro m1213nf mfp	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro p1606dn	scope:	eq	version:	20130212	Trust: 1.6
vendor:	hp	model:	laserjet pro m1216nfh multifunction printer	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro m1217nfw multifunction printer	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro cp1025nw	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro p1102w	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	laserjet pro m1214nfh mfp	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hp	model:	hotspot laserjet pro m1218nfs mfp	scope:	eq	version:	20130703	Trust: 1.6
vendor:	hewlett packard	model:	hp hotspot laserjet pro m1218nfs mfp	scope:	eq	version:	b4k88a	Trust: 0.8
vendor:	hewlett packard	model:	hp hotspot laserjet pro m1218nfs mfp	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro cp1025nw color printer	scope:	eq	version:	ce914a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro cp1025nw color printer	scope:	eq	version:	ce918a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro cp1025nw color printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1212nf multifunction printer	scope:	eq	version:	ce841a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1212nf multifunction printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1213nf multifunction printer	scope:	eq	version:	ce845a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1213nf multifunction printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1214nfh multifunction printer	scope:	eq	version:	ce842a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1214nfh multifunction printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1216nfh multifunction printer	scope:	eq	version:	ce843a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1216nfh multifunction printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1217nfw multifunction printer	scope:	eq	version:	ce844a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro m1217nfw multifunction printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro p1102w printer	scope:	eq	version:	ce657a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro p1102w printer	scope:	eq	version:	ce658a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro p1102w printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro p1606dn printer	scope:	eq	version:	ce749a	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet pro p1606dn printer	scope:	lt	version:	2013-07-26 20130703	Trust: 0.8
vendor:	hp	model:	laserjet pro m1213nf multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro m1217nfw multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro p1102 printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	hotspot laserjet pro m1218nfs multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro cp1025 color printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro m1212nf multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro m1214nfh multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro m1216nfh multifunction printer series	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet pro p1606dn printer	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-11494 // JVNDB: JVNDB-2013-003650 // CNNVD: CNNVD-201308-059 // NVD: CVE-2013-4807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4807
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4807
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-11494
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201308-059
value:	HIGH
Trust: 0.6
VULHUB:	VHN-64809
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4807
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-11494
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64809
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-11494 // VULHUB: VHN-64809 // JVNDB: JVNDB-2013-003650 // CNNVD: CNNVD-201308-059 // NVD: CVE-2013-4807

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-4807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-059

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-059

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003650

PATCH

title:	HPSBPI02887 SSRT101181	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03825817	Trust: 0.8
title:	Patch for Unknown Information Disclosure Vulnerabilities in Multiple HP LaserJet Pro Printers	url:	https://www.cnvd.org.cn/patchInfo/show/38010	Trust: 0.6

sources: CNVD: CNVD-2013-11494 // JVNDB: JVNDB-2013-003650

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4807	Trust: 3.4
db:	BID	id:	61565	Trust: 2.0
db:	SECTRACK	id:	1028869	Trust: 1.1
db:	OSVDB	id:	95907	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003650	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-059	Trust: 0.7
db:	SECUNIA	id:	54319	Trust: 0.6
db:	CNVD	id:	CNVD-2013-11494	Trust: 0.6
db:	HP	id:	HPSBPI02887	Trust: 0.6
db:	HP	id:	SSRT101181	Trust: 0.6
db:	VULHUB	id:	VHN-64809	Trust: 0.1

sources: CNVD: CNVD-2013-11494 // VULHUB: VHN-64809 // BID: 61565 // JVNDB: JVNDB-2013-003650 // CNNVD: CNNVD-201308-059 // NVD: CVE-2013-4807

REFERENCES

url:	http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03825817	Trust: 2.3
url:	http://www.securityfocus.com/bid/61565	Trust: 1.1
url:	http://osvdb.org/95907	Trust: 1.1
url:	http://www.securitytracker.com/id/1028869	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/86178	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4807	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4807	Trust: 0.8
url:	http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03825817-2	Trust: 0.6
url:	http://www.secunia.com/advisories/54319/	Trust: 0.6
url:	http://www.hp.com/	Trust: 0.3

sources: CNVD: CNVD-2013-11494 // VULHUB: VHN-64809 // BID: 61565 // JVNDB: JVNDB-2013-003650 // CNNVD: CNNVD-201308-059 // NVD: CVE-2013-4807

CREDITS

Micha Sajdak of Securitum.pl

Trust: 0.3

sources: BID: 61565

SOURCES

db:	CNVD	id:	CNVD-2013-11494
db:	VULHUB	id:	VHN-64809
db:	BID	id:	61565
db:	JVNDB	id:	JVNDB-2013-003650
db:	CNNVD	id:	CNNVD-201308-059
db:	NVD	id:	CVE-2013-4807

LAST UPDATE DATE

2025-04-11T23:02:56.986000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-11494	date:	2013-08-09T00:00:00
db:	VULHUB	id:	VHN-64809	date:	2017-08-29T00:00:00
db:	BID	id:	61565	date:	2013-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2013-003650	date:	2013-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201308-059	date:	2013-08-13T00:00:00
db:	NVD	id:	CVE-2013-4807	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-11494	date:	2013-08-05T00:00:00
db:	VULHUB	id:	VHN-64809	date:	2013-08-05T00:00:00
db:	BID	id:	61565	date:	2013-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2013-003650	date:	2013-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201308-059	date:	2013-08-07T00:00:00
db:	NVD	id:	CVE-2013-4807	date:	2013-08-05T13:22:52.707