CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2018-5921

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.
Publish Date : 2018-10-03 Last Update Date : 2018-11-27
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) CSRF
CWE ID 352

- Products Affected By CVE-2018-5921

# Product Type Vendor Product Version Update Edition Language
1 OS HP A2w75a Firmware - Version Details Vulnerabilities
2 OS HP A2w75a Firmware 2308214 000928 Version Details Vulnerabilities
3 OS HP A2w76a Firmware - Version Details Vulnerabilities
4 OS HP A2w76a Firmware 2308214 000928 Version Details Vulnerabilities
5 OS HP A2w77a Firmware - Version Details Vulnerabilities
6 OS HP A2w77a Firmware 2308214 000930 Version Details Vulnerabilities
7 OS HP A2w78a Firmware - Version Details Vulnerabilities
8 OS HP A2w78a Firmware 2308214 000930 Version Details Vulnerabilities
9 OS HP A2w79a Firmware - Version Details Vulnerabilities
10 OS HP A2w79a Firmware 2308214 000930 Version Details Vulnerabilities
11 OS HP B3g85a Firmware - Version Details Vulnerabilities
12 OS HP B3g85a Firmware 2308214 000912 Version Details Vulnerabilities
13 OS HP B5l04a Firmware - Version Details Vulnerabilities
14 OS HP B5l04a Firmware 2308214 000902 Version Details Vulnerabilities
15 OS HP B5l05a Firmware - Version Details Vulnerabilities
16 OS HP B5l05a Firmware 2308214 000902 Version Details Vulnerabilities
17 OS HP B5l07a Firmware - Version Details Vulnerabilities
18 OS HP B5l07a Firmware 2308214 000902 Version Details Vulnerabilities
19 OS HP B5l26a Firmware - Version Details Vulnerabilities
20 OS HP B5l26a Firmware 2308214 000907 Version Details Vulnerabilities
21 OS HP B5l46a Firmware - Version Details Vulnerabilities
22 OS HP B5l46a Firmware 2308214 000909 Version Details Vulnerabilities
23 OS HP B5l47a Firmware - Version Details Vulnerabilities
24 OS HP B5l47a Firmware 2308214 000909 Version Details Vulnerabilities
25 OS HP B5l48a Firmware - Version Details Vulnerabilities
26 OS HP B5l48a Firmware 2308214 000909 Version Details Vulnerabilities
27 OS HP C2s11a Firmware - Version Details Vulnerabilities
28 OS HP C2s11a Firmware 2308214 000906 Version Details Vulnerabilities
29 OS HP C2s12a Firmware - Version Details Vulnerabilities
30 OS HP C2s12a Firmware 2308214 000906 Version Details Vulnerabilities
31 OS HP Cc522a Firmware - Version Details Vulnerabilities
32 OS HP Cc522a Firmware 2308214 000932 Version Details Vulnerabilities
33 OS HP Cc523a Firmware - Version Details Vulnerabilities
34 OS HP Cc523a Firmware 2308214 000932 Version Details Vulnerabilities
35 OS HP Cc524a Firmware - Version Details Vulnerabilities
36 OS HP Cc524a Firmware 2308214 000932 Version Details Vulnerabilities
37 OS HP Cd644a Firmware - Version Details Vulnerabilities
38 OS HP Cd644a Firmware 2308214 000925 Version Details Vulnerabilities
39 OS HP Cd645a Firmware - Version Details Vulnerabilities
40 OS HP Cd645a Firmware 2308214 000925 Version Details Vulnerabilities
41 OS HP Cd646a Firmware - Version Details Vulnerabilities
42 OS HP Cd646a Firmware 2308214 000925 Version Details Vulnerabilities
43 OS HP Cf066a Firmware - Version Details Vulnerabilities
44 OS HP Cf066a Firmware 2308214 000921 Version Details Vulnerabilities
45 OS HP Cf067a Firmware - Version Details Vulnerabilities
46 OS HP Cf067a Firmware 2308214 000921 Version Details Vulnerabilities
47 OS HP Cf068a Firmware - Version Details Vulnerabilities
48 OS HP Cf068a Firmware 2308214 000921 Version Details Vulnerabilities
49 OS HP Cf069a Firmware - Version Details Vulnerabilities
50 OS HP Cf069a Firmware 2308214 000921 Version Details Vulnerabilities
51 OS HP Cf116a Firmware - Version Details Vulnerabilities
52 OS HP Cf116a Firmware 2308214 000913 Version Details Vulnerabilities
53 OS HP Cf117a Firmware - Version Details Vulnerabilities
54 OS HP Cf117a Firmware 2308214 000913 Version Details Vulnerabilities
55 OS HP Cf118a Firmware - Version Details Vulnerabilities
56 OS HP Cf118a Firmware 2308214 000913 Version Details Vulnerabilities
57 OS HP Cf367a Firmware - Version Details Vulnerabilities
58 OS HP Cf367a Firmware 2308214 000916 Version Details Vulnerabilities
59 OS HP Cz244a Firmware - Version Details Vulnerabilities
60 OS HP Cz244a Firmware 2308214 000920 Version Details Vulnerabilities
61 OS HP Cz245a Firmware - Version Details Vulnerabilities
62 OS HP Cz245a Firmware 2308214 000920 Version Details Vulnerabilities
63 OS HP D7p70a Firmware - Version Details Vulnerabilities
64 OS HP D7p70a Firmware 2308214 000928 Version Details Vulnerabilities
65 OS HP D7p71a Firmware - Version Details Vulnerabilities
66 OS HP D7p71a Firmware 2308214 000928 Version Details Vulnerabilities
67 OS HP E6b71a Firmware - Version Details Vulnerabilities
68 OS HP E6b71a Firmware 2308214 000908 Version Details Vulnerabilities
69 OS HP E6b73a Firmware - Version Details Vulnerabilities
70 OS HP E6b73a Firmware 2308214 000908 Version Details Vulnerabilities
71 OS HP F2a76a Firmware - Version Details Vulnerabilities
72 OS HP F2a76a Firmware 2308214 000905 Version Details Vulnerabilities
73 OS HP F2a77a Firmware - Version Details Vulnerabilities
74 OS HP F2a77a Firmware 2308214 000905 Version Details Vulnerabilities
75 OS HP F2a81a Firmware - Version Details Vulnerabilities
76 OS HP F2a81a Firmware 2308214 000905 Version Details Vulnerabilities
77 OS HP G1w39a Firmware - Version Details Vulnerabilities
78 OS HP G1w39a Firmware 2308214 000923 Version Details Vulnerabilities
79 OS HP G1w40a Firmware - Version Details Vulnerabilities
80 OS HP G1w40a Firmware 2308214 000923 Version Details Vulnerabilities
81 OS HP G1w41a Firmware - Version Details Vulnerabilities
82 OS HP G1w41a Firmware 2308214 000923 Version Details Vulnerabilities
83 OS HP G1w46a Firmware - Version Details Vulnerabilities
84 OS HP G1w46a Firmware 2308214 000910 Version Details Vulnerabilities
85 OS HP G1w46v Firmware - Version Details Vulnerabilities
86 OS HP G1w46v Firmware 2308214 000910 Version Details Vulnerabilities
87 OS HP G1w47a Firmware - Version Details Vulnerabilities
88 OS HP G1w47a Firmware 2308214 000910 Version Details Vulnerabilities
89 OS HP G1w47v Firmware - Version Details Vulnerabilities
90 OS HP G1w47v Firmware 2308214 000910 Version Details Vulnerabilities
91 OS HP J7x28a Firmware - Version Details Vulnerabilities
92 OS HP J7x28a Firmware 2308214 000912 Version Details Vulnerabilities
93 OS HP L3u42a Firmware - Version Details Vulnerabilities
94 OS HP L3u42a Firmware 2308214 000923 Version Details Vulnerabilities
95 OS HP L3u43a Firmware - Version Details Vulnerabilities
96 OS HP L3u43a Firmware 2308214 000923 Version Details Vulnerabilities
97 OS HP L3u44a Firmware - Version Details Vulnerabilities
98 OS HP L3u44a Firmware 2308214 000910 Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
HP A2w75a Firmware 2
HP A2w76a Firmware 2
HP A2w77a Firmware 2
HP A2w78a Firmware 2
HP A2w79a Firmware 2
HP B3g85a Firmware 2
HP B5l04a Firmware 2
HP B5l05a Firmware 2
HP B5l07a Firmware 2
HP B5l26a Firmware 2
HP B5l46a Firmware 2
HP B5l47a Firmware 2
HP B5l48a Firmware 2
HP C2s11a Firmware 2
HP C2s12a Firmware 2
HP Cc522a Firmware 2
HP Cc523a Firmware 2
HP Cc524a Firmware 2
HP Cd644a Firmware 2
HP Cd645a Firmware 2
HP Cd646a Firmware 2
HP Cf066a Firmware 2
HP Cf067a Firmware 2
HP Cf068a Firmware 2
HP Cf069a Firmware 2
HP Cf116a Firmware 2
HP Cf117a Firmware 2
HP Cf118a Firmware 2
HP Cf367a Firmware 2
HP Cz244a Firmware 2
HP Cz245a Firmware 2
HP D7p70a Firmware 2
HP D7p71a Firmware 2
HP E6b71a Firmware 2
HP E6b73a Firmware 2
HP F2a76a Firmware 2
HP F2a77a Firmware 2
HP F2a81a Firmware 2
HP G1w39a Firmware 2
HP G1w40a Firmware 2
HP G1w41a Firmware 2
HP G1w46a Firmware 2
HP G1w46v Firmware 2
HP G1w47a Firmware 2
HP G1w47v Firmware 2
HP J7x28a Firmware 2
HP L3u42a Firmware 2
HP L3u43a Firmware 2
HP L3u44a Firmware 2

- References For CVE-2018-5921

https://support.hp.com/us-en/document/c05949322
HP HPSBPI03580

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)

- Metasploit Modules Related To CVE-2018-5921

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.