7.8

CVE-2002-1796

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

Data is provided by the National Vulnerability Database (NVD)
HpChaivm Ezloader Version-
   HpLaserjet 4100 Version-
   HpLaserjet 4500 Version-
   HpLaserjet 4550 Version-
   HpLaserjet 8150 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.192
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://online.securityfocus.com/advisories/4317
Patch
Third Party Advisory
Vendor Advisory
Broken Link
VDB Entry
http://www.phenoelit.de/stuff/HP_Chai.txt
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/284648
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/5334
Third Party Advisory
Broken Link
VDB Entry