Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AT:P (prior cookie theft prerequisite) maps to AC:H in 3.1; PR:L retained for authenticated session requirement; UI:R reflects passive interaction; S:U as no scope change observed.
Primary rating from Vendor (hp).
CVSS VectorVendor: hp
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage.
AnalysisAI
Cross-Site Request Forgery in HP IP phones' web management interface allows an attacker who has obtained a stolen session cookie to submit unauthorized state-changing requests that modify the phone's webpage contents, with integrity and availability rated high (VI:H/VA:H) in the vendor-supplied CVSS 4.0 vector. The CVSS 4.0 score of 6.0 reflects the attack conditions prerequisite (AT:P) of prior cookie theft, low-level privilege requirement (PR:L), and passive user interaction (UI:P), meaningfully limiting opportunistic exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to first obtain a valid, active session cookie from a user authenticated to the HP IP phone's web management interface - this is the specific prerequisite encoded in the CVSS 4.0 AT:P (Attack Requirements Present) metric. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 score of 6.0 (medium) is broadly consistent with the underlying threat model. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targeting an enterprise network obtains a valid, active session cookie from an authenticated HP IP phone administrator - through network interception on a non-HTTPS management link, via phishing, or from a compromised endpoint - then crafts a forged HTTP request to the phone's web interface targeting a configuration-modifying endpoint and submits it with the stolen cookie. Because the interface does not validate request origin, the phone processes the forged request as legitimate and applies the attacker-supplied changes to the phone's webpage contents. … |
| Remediation | Consult HP Security Bulletin hpsbpy04109 (https://support.hp.com/us-en/document/ish_15255241-15255270-16/hpsbpy04109) for the authoritative patch release, affected model list, and exact fixed firmware versions - no specific patch version is independently confirmed from available CVE data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42442
GHSA-wj85-38pj-pr6j