Detections
Analytics

HP Printer Directory Traversal (CVE-2008-4419)

high Tenable OT Security Plugin ID 505344

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://seclists.org/bugtraq/2010/Apr/108

Plugin Details

Severity: High

ID: 505344

File Name: tenable_ot_hp_CVE-2008-4419.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 4/30/2026

Updated: 4/30/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2008-4419

Vulnerability Information

CPE: cpe:/h:hp:laserjet_9040, cpe:/h:hp:color_laserjet_4370mfp, cpe:/h:hp:laserjet_9040mfp, cpe:/h:hp:laserjet_9050, cpe:/h:hp:laserjet_2420, cpe:/h:hp:laserjet_4350, cpe:/h:hp:laserjet_2410, cpe:/h:hp:laserjet_2430, cpe:/h:hp:laserjet_4250, cpe:/h:hp:laserjet_4345mfp, cpe:/h:hp:laserjet_9050mfp, cpe:/h:hp:color_laserjet_9500mfp

Required KB Items: Tenable.ot/HP

Patch Publication Date: 2/5/2009

Vulnerability Publication Date: 2/5/2009

Reference Information

CVE: CVE-2008-4419

CWE: 22