Skip to main content

Jwt Attack CVE-2019-6318

CRITICAL
Improper Verification of Cryptographic Signature (CWE-347)
2019-04-11 hp-security-alert@hp.com
Jwt Attack HP RCE Color Laserjet Cm4540 Mfp Firmware Color Laserjet Enterprise Cp5525 Firmware Color Laserjet Enterprise M553 Firmware Color Laserjet Enterprise M552 Firmware Color Laserjet Managed M553 Firmware Color Laserjet Enterprise M651 Firmware Color Laserjet Managed M651 Firmware Color Laserjet Enterprise M652 Firmware Color Laserjet Enterprise M653 Firmware Color Laserjet Enterprise M750 Firmware Color Laserjet Enterprise M855 Firmware Color Laserjet Enterprise Mfp M577 Firmware Color Laserjet Enterprise Flow Mfp M577 Firmware Color Laserjet Enterprise Mfp M680 Firmware Color Laserjet Enterprise Flow Mfp M680 Firmware Color Laserjet Enterprise Mfp M681 Firmware Color Laserjet Enterprise Flow Mfp M681 Firmware Color Laserjet Enterprise Mfp M682 Firmware Color Laserjet Enterprise Flow Mfp M682 Firmware Color Laserjet Enterprise Flow Mfp M880Z Firmware Color Laserjet Managed Flow Mfp M880Zm Firmware Color Laserjet Managed E55040Dw Firmware Color Laserjet Managed E65050 Firmware Color Laserjet Managed E65060 Firmware Color Laserjet Managed Flow Mfp E77822 Firmware Color Laserjet Managed Flow Mfp E77825 Firmware Color Laserjet Managed Flow Mfp E77830 Firmware Color Laserjet Managed Mfp E57540 Firmware Color Laserjet Managed Flow Mfp E57540 Firmware Color Laserjet Managed Mfp E67550 Firmware Color Laserjet Managed Mfp E67560 Firmware Color Laserjet Managed Flow Mfp E6750 Firmware Color Laserjet Managed Flow Mfp E67560 Firmware Color Laserjet Managed Mfp E77822 Firmware Color Laserjet Managed Mfp E77825 Firmware Color Laserjet Managed Mfp E77830 Firmware Color Laserjet Managed Mfp E87640 Firmware Color Laserjet Managed Mfp E87650 Firmware Color Laserjet Managed Mfp E87660 Firmware Color Laserjet Managed Flow Mfp E87640 Firmware Color Laserjet Managed Flow Mfp E87650 Firmware Color Laserjet Managed Flow Mfp E87660 Firmware Color Laserjet Managed Mfp M577 Firmware Color Laserjet Managed Flow Mfp M577 Firmware Color Laserjet Managed Mfp M680 Firmware Color Laserjet Managed Flow Mfp M680 Firmware Laserjet Enterprise 500 Color M551 Firmware Laserjet Enterprise 500 Mfp M525F Firmware Laserjet Enterprise Flow Mfp M525 Firmware Laserjet Enterprise 500 Color Mfp M575 Firmware Laserjet Enterprise Color Flow Mfp M575 Firmware Laserjet Enterprise 600 M601 Firmware Laserjet Enterprise 600 M602 Firmware Laserjet Enterprise 600 M603 Firmware Laserjet Enterprise 700 Color Mfp M775 Firmware Color Laserjet Managed Mfp M775 Firmware Laserjet Enterprise 700 M712 Firmware Laserjet Enterprise Flow Mfp M630 Firmware Laserjet Managed Flow Mfp M630 Firmware Laserjet Enterprise Flow Mfp M830 Firmware Laserjet Managed Flow Mfp M830 Firmware Laserjet Enterprise M4555 Mfp Firmware Laserjet Enterprise M506 Firmware Laserjet Managed M506 Firmware Laserjet Enterprise M604 Firmware Laserjet Enterprise M605 Firmware Laserjet Managed M605 Firmware Laserjet Enterprise M606 Firmware Laserjet Enterprise M607 Firmware Laserjet Enterprise M608 Firmware Laserjet Enterprise M609 Firmware Laserjet Enterprise M806 Firmware Laserjet Enterprise Mfp M527 Firmware Laserjet Enterprise Flow Mfp M527Z Firmware Laserjet Enterprise Mfp M630 Firmware Laserjet Managed Mfp M630 Firmware Laserjet Enterprise Mfp M631 Firmware Laserjet Enterprise Flow Mfp M631 Firmware Laserjet Enterprise Mfp M632 Firmware Laserjet Enterprise Flow Mfp M632 Firmware Laserjet Enterprise Mfp M633 Firmware Laserjet Enterprise Flow Mfp M633 Firmware Laserjet Enterprise Mfp M725 Firmware Laserjet Managed Mfp M725 Firmware Laserjet Managed 500 Mfp M525 Firmware Laserjet Managed Flow Mfp M525 Firmware Laserjet Managed 500 Color Mfp M575 Firmware Laserjet Managed Color Flow Mfp M575 Firmware Laserjet Managed E50045 Firmware Laserjet Managed Mfp E52545 Firmware Laserjet Managed Flow Mfp E52545C Firmware Laserjet Managed E60055 Firmware Laserjet Managed E60065 Firmware Laserjet Managed E60075 Firmware Laserjet Managed Mfp E62555 Firmware Laserjet Managed Mfp E62565 Firmware Laserjet Managed Flow Mfp E62555 Firmware Laserjet Managed Flow Mfp E62565 Firmware Laserjet Managed Flow Mfp E62575 Firmware Laserjet Managed Mfp E72525 Firmware Laserjet Managed Mfp E72530 Firmware Laserjet Managed Mfp E72535 Firmware Laserjet Managed Flow Mfp E72525 Firmware Laserjet Managed Flow Mfp E72530 Firmware Laserjet Managed Flow Mfp E72535 Firmware Laserjet Managed Mfp E82540 Firmware Laserjet Managed Mfp E82550 Firmware Laserjet Managed Mfp E82560 Firmware Laserjet Managed Flow Mfp E82540 Firmware Laserjet Managed Flow Mfp E82550 Firmware Laserjet Managed Flow Mfp E82560 Firmware Laserjet Managed Mfp M527 Firmware Laserjet Managed Flow Mfp M527Z Firmware Officejet Enterprise Color Flow Mfp X585 Firmware Officejet Managed Color Flow Mfp X585 Firmware Officejet Enterprise Color Mfp X585 Firmware Officejet Managed Color Mfp X585 Firmware Officejet Enterprise Color X555 Firmware Pagewide Color 755 Firmware Pagewide Color Mfp 774 Firmware Pagewide Color Mfp 779 Firmware Pagewide Enterprise Color 556 Firmware Pagewide Enterprise Color 765 Firmware Pagewide Enterprise Color Mfp 586 Firmware Pagewide Enterprise Color Flow Mfp 586Z Firmware Pagewide Enterprise Color Mfp 780 Firmware Pagewide Enterprise Color Flow Mfp 780F Firmware Pagewide Enterprise Color Flow Mpf 785 Firmware Pagewide Managed Color E55650 Firmware Pagewide Managed Color Mfp E58650Dn Firmware Pagewide Managed Color Flow Mfp E58650Z Firmware Pagewide Managed Color E75160 Firmware Pagewide Managed Color P75250 Firmware Pagewide Managed Color Mfp P77440 Firmware Pagewide Managed Color Mfp E77650 Firmware Pagewide Managed Color Flow Mfp E77650 Firmware Pagewide Managed Color Flow Mfp E77660Z Firmware Pagewide Managed Color Mfp P77940 Firmware Pagewide Managed Color Mfp P77950 Firmware Pagewide Managed Color Mfp P77960 Firmware Scanjet Enterprise 8500 Fn1 Document Capture Workstation Firmware Digital Sender Flow 8500 Fn2 Document Capture Workstation Firmware Scanjet Enterprise Flow N9120 Fn2 Document Scanner Firmware
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 11, 2019 - 15:29 nvd
CRITICAL 9.8

DescriptionNVD

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.

AnalysisAI

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-347. HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. Affected products include: Hp Color Laserjet Cm4540 Mfp Firmware, Hp Color Laserjet Enterprise Cp5525 Firmware, Hp Color Laserjet Enterprise M553 Firmware, Hp Color Laserjet Enterprise M552 Firmware, Hp Color Laserjet Managed M553 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2019-6318 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy