Local Service Loading Vulnerability in HP LaserJet and Color LaserJet Products
CVE-2002-1796

7.8HIGH

Key Information:

Vendor

HP
Status
Chaivm
Vendor
CVE Published:
31 December 2002

What is CVE-2002-1796?

The ChaiVM EZloader on specific HP LaserJet models lacks adequate verification of JAR signatures for new services. This flaw enables local users to load unauthorized Chai services, potentially compromising the functionality and security of the device. Users should be attentive to service management on the affected HP LaserJet products to mitigate potential risks associated with this vulnerability.

References

http://www.phenoelit.de/stuff/HP_Chai.txt
x_refsource_MISC
http://www.securityfocus.com/bid/5334
vdb-entryx_refsource_BID
http://online.securityfocus.com/advisories/4317
vendor-advisoryx_refsource_HP

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.