Detections
Analytics

HP LaserJet Improper Neutralization of Input During Web Page Generation (CVE-2009-2684)

medium Tenable OT Security Plugin ID 505346

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://marc.info/?l=bugtraq&m=125493484205823&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/53677

Plugin Details

Severity: Medium

ID: 505346

File Name: tenable_ot_hp_CVE-2009-2684.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 5/4/2026

Updated: 5/4/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2009-2684

Vulnerability Information

CPE: cpe:/h:hp:color_laserjet_cp6015, cpe:/h:hp:laserjet_2420, cpe:/h:hp:color_laserjet_3800n, cpe:/h:hp:laserjet_m4345x_mfp, cpe:/h:hp:laserjet_m5025_mfp, cpe:/h:hp:laserjet_2430n, cpe:/h:hp:laserjet_p4014, cpe:/h:hp:laserjet_4250n, cpe:/h:hp:laserjet_4350n, cpe:/h:hp:laserjet_9050_mfp, cpe:/h:hp:laserjet_p4515, cpe:/h:hp:laserjet_5200n, cpe:/h:hp:color_laserjet_6040_mfp, cpe:/h:hp:color_laserjet_4700n, cpe:/h:hp:laserjet_m9040_mpf, cpe:/h:hp:laserjet_2410, cpe:/h:hp:color_laserjet_cp4005n, cpe:/h:hp:laserjet_9040n, cpe:/h:hp:color_laserjet_3600n, cpe:/h:hp:laserjet_m3027_mfp, cpe:/h:hp:laserjet_4345_mfp, cpe:/h:hp:laserjet_m3035_mfp, cpe:/h:hp:color_laserjet_3000n, cpe:/h:hp:laserjet_m9050_mpf, cpe:/h:hp:color_laserjet_cp3505, cpe:/h:hp:laserjet_p3005n, cpe:/h:hp:color_laserjet_4730_mfp, cpe:/h:hp:laserjet_4240, cpe:/h:hp:laserjet_9040_mfp, cpe:/h:hp:color_laserjet_cm4730_mfp, cpe:/h:hp:laserjet_9050n

Required KB Items: Tenable.ot/HP

Patch Publication Date: 10/13/2009

Vulnerability Publication Date: 10/13/2009

Reference Information

CVE: CVE-2009-2684

CWE: 79