CVE-2002-1796

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://online.securityfocus.com/advisories/4317	Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.iss.net/security_center/static/9695.php	Broken Link
http://www.phenoelit.de/stuff/HP_Chai.txt	Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/284648	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/5334	Broken Link Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:chaivm_ezloader:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_4100:-:::::::*
	cpe:2.3:h:hp:laserjet_4500:-:::::::*
	cpe:2.3:h:hp:laserjet_4550:-:::::::*
	cpe:2.3:h:hp:laserjet_8150:-:::::::*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2024-02-08 20:47

NVD link : CVE-2002-1796

Mitre link : CVE-2002-1796

CVE.ORG link : CVE-2002-1796

JSON object : View

Products Affected

hp

laserjet_4500
chaivm_ezloader
laserjet_8150
laserjet_4550
laserjet_4100

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2002-1796", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://online.securityfocus.com/advisories/4317", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9695.php", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.phenoelit.de/stuff/HP_Chai.txt", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/284648", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5334", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services."}], "lastModified": "2024-02-08T20:47:34.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:chaivm_ezloader:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490B782C-11BF-47E2-8899-8B462D2D8AA6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A1779FF-AF54-49D7-B357-3CB62371FA21"}, {"criteria": "cpe:2.3:h:hp:laserjet_4500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FADCF8F9-297F-43B8-A380-D91FDB66BD98"}, {"criteria": "cpe:2.3:h:hp:laserjet_4550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6EEF0E42-3082-4648-BA3A-3372763F72DD"}, {"criteria": "cpe:2.3:h:hp:laserjet_8150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4D75D04-E717-4361-9D62-08DCFF23ED9A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}