Vulnerability Description
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | W1A75A Firmware | < 002_2413A |
| Hp | W1A75A | - |
| Hp | W1A76A Firmware | < 002_2413A |
| Hp | W1A76A | - |
| Hp | W1A77A Firmware | < 002_2413A |
| Hp | W1A77A | - |
| Hp | W1A81A Firmware | < 002_2413A |
| Hp | W1A81A | - |
| Hp | W1A82A Firmware | < 002_2413A |
| Hp | W1A82A | - |
| Hp | W1A79A Firmware | < 002_2413A |
| Hp | W1A79A | - |
| Hp | W1A80A Firmware | < 002_2413A |
| Hp | W1A80A | - |
| Hp | W1A78A Firmware | < 002_2413A |
| Hp | W1A78A | - |
Related Weaknesses (CWE)
References
- https://support.hp.com/us-en/document/ish_10643804-10643841-16/HPSBPI03941Vendor Advisory
- https://support.hp.com/us-en/document/ish_10643804-10643841-16/HPSBPI03941Vendor Advisory
FAQ
What is CVE-2024-5143?
CVE-2024-5143 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the ne...
How severe is CVE-2024-5143?
CVE-2024-5143 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5143?
Check the references section above for vendor advisories and patch information. Affected products include: Hp W1A75A Firmware, Hp W1A75A, Hp W1A76A Firmware, Hp W1A76A, Hp W1A77A Firmware.