CVE-2019-6320

Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

CVSS v3 8.1 HIGH
CVSS v2.0 5.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.hp.com/us-en/document/c06308143	Vendor Advisory
https://support.hp.com/us-en/document/c06308143	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_f5s43a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_f5s43a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_f5s57a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_f5s57a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_k4t93a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_k4t93a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_k4t99c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_k4t99c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_k4u00b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_k4u00b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_k4u03b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_k4u03b:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_v3f21a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_v3f21a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:deskjet_3630_v3f22a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_3630_v3f22a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-09 19:15

Updated : 2024-11-21 04:46

NVD link : CVE-2019-6320

Mitre link : CVE-2019-6320

CVE.ORG link : CVE-2019-6320

JSON object : View

Products Affected

deskjet_3630_k4u03b_firmware
deskjet_3630_v3f21a
deskjet_3630_k4u00b_firmware
deskjet_3630_v3f22a_firmware
deskjet_3630_v3f21a_firmware
deskjet_3630_v3f22a
deskjet_3630_f5s43a_firmware
deskjet_3630_k4u00b
deskjet_3630_k4t93a_firmware
deskjet_3630_f5s57a_firmware
deskjet_3630_k4t99c_firmware
deskjet_3630_f5s43a
deskjet_3630_k4t93a
deskjet_3630_k4u03b
deskjet_3630_f5s57a
deskjet_3630_k4t99c

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6320

8.1^/10

5.8^/10

Attach tags to `CVE-2019-6320`