1. Home
  2. CVE Database
  3. CVE-2004-2439
MEDIUM · 5.0

CVE-2004-2439

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

Vulnerability Description

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
HpColor Laserjet4650
HpColor Laserjet 4600All versions
HpLaserjet 2500All versions
HpLaserjet 3000All versions
HpLaserjet 3700All versions
HpLaserjet 4100 MfpAll versions
HpLaserjet 4200All versions
HpLaserjet 4300All versions
HpLaserjet 9000All versions
HpLaserjet 9000 MfpAll versions
HpLaserjet 9040 MpfAll versions
HpLaserjet 9050All versions
HpLaserjet 9050 MpfAll versions
HpLaserjet 9055All versions
HpLaserjet 9065All versions
HpLaserjet 9500All versions
HpLaserjet 9500 MpfAll versions

References

FAQ

What is CVE-2004-2439?

CVE-2004-2439 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

How severe is CVE-2004-2439?

CVE-2004-2439 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-2439?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Color Laserjet, Hp Color Laserjet 4600, Hp Laserjet 2500, Hp Laserjet 3000, Hp Laserjet 3700.