Skip to main content

HP IP Phone CVE-2026-5923

| EUVDEUVD-2026-42442 MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-07-08 hp-security-alert@hp.com GHSA-wj85-38pj-pr6j
6.0
CVSS 4.0 · Vendor: hp
Share

Severity by source

Vendor (hp) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

AT:P (prior cookie theft prerequisite) maps to AC:H in 3.1; PR:L retained for authenticated session requirement; UI:R reflects passive interaction; S:U as no scope change observed.

3.1 AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hp).

CVSS VectorVendor: hp

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jul 08, 2026 - 23:04 EUVD
Analysis Generated
Jul 08, 2026 - 22:42 vuln.today

DescriptionCVE.org

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage.

AnalysisAI

Cross-Site Request Forgery in HP IP phones' web management interface allows an attacker who has obtained a stolen session cookie to submit unauthorized state-changing requests that modify the phone's webpage contents, with integrity and availability rated high (VI:H/VA:H) in the vendor-supplied CVSS 4.0 vector. The CVSS 4.0 score of 6.0 reflects the attack conditions prerequisite (AT:P) of prior cookie theft, low-level privilege requirement (PR:L), and passive user interaction (UI:P), meaningfully limiting opportunistic exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify target HP IP phone web interface
Delivery
Steal active session cookie via interception or endpoint compromise
Exploit
Craft forged CSRF HTTP request
Execution
Submit request with stolen cookie to management interface
Persist
Phone processes unauthorized modification
Impact
Webpage contents altered

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to first obtain a valid, active session cookie from a user authenticated to the HP IP phone's web management interface - this is the specific prerequisite encoded in the CVSS 4.0 AT:P (Attack Requirements Present) metric. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 score of 6.0 (medium) is broadly consistent with the underlying threat model. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker targeting an enterprise network obtains a valid, active session cookie from an authenticated HP IP phone administrator - through network interception on a non-HTTPS management link, via phishing, or from a compromised endpoint - then crafts a forged HTTP request to the phone's web interface targeting a configuration-modifying endpoint and submits it with the stolen cookie. Because the interface does not validate request origin, the phone processes the forged request as legitimate and applies the attacker-supplied changes to the phone's webpage contents. …
Remediation Consult HP Security Bulletin hpsbpy04109 (https://support.hp.com/us-en/document/ish_15255241-15255270-16/hpsbpy04109) for the authoritative patch release, affected model list, and exact fixed firmware versions - no specific patch version is independently confirmed from available CVE data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-5923 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy