CVE-2021-3965 - Vulnerability Details

Description

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

Published: 2022-01-14

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

HP DesignJet Printer

affected

Version	Status	Constraints
`before MRY_07_07_04.1`	affected	—
`before AENEAS_04_09_06.1`	affected	—
`before PTR8_03_07_06.1`	affected	—
`before PX8_06_05_02.1`	affected	—
`before PX6_06_05_02.1`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:designjet_t920_cr355a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t920_cr355a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:designjet_t920_cr355b_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t920_cr355b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:designjet_t920_cr354a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t920_cr354a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:designjet_t930_l2y22a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t930_l2y22a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:designjet_t930_l2y22b_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t930_l2y22b:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:designjet_t930_l2y21a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t930_l2y21a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:designjet_t930_l2y21b_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t930_l2y21b:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:designjet_t1530_l2y24a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t1530_l2y24a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:designjet_t1530_l2y24b_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t1530_l2y24b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:designjet_t1530_l2y23a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t1530_l2y23a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:designjet_t2530_l2y25a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t2530_l2y25a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:designjet_t2530_l2y26a_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t2530_l2y26a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:designjet_t2530_l2y26b_firmware:mry_07_07_04.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t2530_l2y26b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:designjet_t3500_b9e24a_firmware:aeneas_04_09_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t3500_b9e24a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hp:designjet_t3500_b9e24b_firmware:aeneas_04_09_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t3500_b9e24b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hp:designjet_t3500_b9e25a_firmware:aeneas_04_09_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_t3500_b9e25a:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hp:designjet_z6800_f2s72a_firmware:ptr8_03_07_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6800_f2s72a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hp:designjet_z6800_f2s72ar_firmware:ptr8_03_07_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6800_f2s72ar:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hp:designjet_z6800_f2s72b_firmware:ptr8_03_07_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6800_f2s72b:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hp:designjet_z6600_f2s71a_firmware:ptr6_03_07_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6600_f2s71a:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:hp:designjet_z6600_f2s71ar_firmware:ptr6_03_07_06.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6600_f2s71ar:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:hp:designjet_z6810_2qu12a_firmware:px8_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6810_2qu12a:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:hp:designjet_z6810_2qu12b_firmware:px8_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6810_2qu12b:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:hp:designjet_z6810_2qu14a_firmware:px8_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6810_2qu14a:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:hp:designjet_z6810_2qu14b_firmware:px8_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6810_2qu14b:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:hp:designjet_z6610_2qu13b_firmware:px6_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6610_2qu13b:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:hp:designjet_z6610_2qu13a_firmware:px6_06_05_02.1:*:*:*:*:*:*:*

cpe:2.3:h:hp:designjet_z6610_2qu13a:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-27170	Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00255.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.hp.com/us-en/document/ish_5268198-5268230-16

History

No history.

Subscriptions

Hp Designjet T1530 L2y23a Designjet T1530 L2y23a Firmware Designjet T1530 L2y24a Designjet T1530 L2y24a Firmware Designjet T1530 L2y24b Designjet T1530 L2y24b Firmware Designjet T2530 L2y25a Designjet T2530 L2y25a Firmware Designjet T2530 L2y26a Designjet T2530 L2y26a Firmware Designjet T2530 L2y26b Designjet T2530 L2y26b Firmware Designjet T3500 B9e24a Designjet T3500 B9e24a Firmware Designjet T3500 B9e24b Designjet T3500 B9e24b Firmware Designjet T3500 B9e25a Designjet T3500 B9e25a Firmware Designjet T920 Cr354a Designjet T920 Cr354a Firmware Designjet T920 Cr355a Designjet T920 Cr355a Firmware Designjet T920 Cr355b Designjet T920 Cr355b Firmware Designjet T930 L2y21a Designjet T930 L2y21a Firmware Designjet T930 L2y21b Designjet T930 L2y21b Firmware Designjet T930 L2y22a Designjet T930 L2y22a Firmware Designjet T930 L2y22b Designjet T930 L2y22b Firmware Designjet Z6600 F2s71a Designjet Z6600 F2s71a Firmware Designjet Z6600 F2s71ar Designjet Z6600 F2s71ar Firmware Designjet Z6610 2qu13a Designjet Z6610 2qu13a Firmware Designjet Z6610 2qu13b Designjet Z6610 2qu13b Firmware Designjet Z6800 F2s72a Designjet Z6800 F2s72a Firmware Designjet Z6800 F2s72ar Designjet Z6800 F2s72ar Firmware Designjet Z6800 F2s72b Designjet Z6800 F2s72b Firmware Designjet Z6810 2qu12a Designjet Z6810 2qu12a Firmware Designjet Z6810 2qu12b Designjet Z6810 2qu12b Firmware Designjet Z6810 2qu14a Designjet Z6810 2qu14a Firmware Designjet Z6810 2qu14b Designjet Z6810 2qu14b Firmware

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2022-01-14T19:11:42.000Z

Updated: 2024-08-03T17:09:09.697Z

Reserved: 2021-11-16T00:00:00.000Z

Link: CVE-2021-3965

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-14T20:15:11.637

Modified: 2024-11-21T06:23:14.930

Link: CVE-2021-3965

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-639

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object