Vulnerabilities > CVE-2013-4828 - Cryptographic Issues vulnerability in HP products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

CWE-310

NVD

Published: 2013-10-04

Updated: 2019-10-09

Summary

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Hardware	Hp HP Color Laserjet Cm4540 - HP Color Laserjet Cm4540F - HP Color Laserjet Cm4540Fskm - HP Color Laserjet M575Dn - HP Color Laserjet M575F - HP Color Laserjet M775Dn - HP Color Laserjet M775F - HP Color Laserjet M775Z - HP Color Laserjet M775Z+ - HP Laserjet Enterprise Color Flow M575C - HP Laserjet Flow M525C - HP Laserjet M4555 - HP Laserjet M4555F - HP Laserjet M4555Fskm - HP Laserjet M4555H - HP Laserjet M525Dn - HP Laserjet M525F - HP Laserjet M725Dn - HP Laserjet M725F - HP Laserjet M725Z - HP Laserjet M725Z+ - HP Scanjet Enterprise 8500Fn1 -	22

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014