Vulnerability CVE-1999-0564

Vulnerability Name:

CVE-1999-0564 (CCN-1818)

Assigned:

1997-10-04

Published:

1997-10-04

Updated:

2022-08-17

Summary:

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: BugTraq Mailing List, Sat, 4 Oct 1997 18:02:01 -0300
HP Laserjet 4M Plus DirectJet Problem

Source: MITRE
Type: CNA
CVE-1999-0564

Source: MITRE
Type: CNA
CVE-1999-1062

Source: CCN
Type: OSVDB ID: 88
HP LaserJet JetDirect Print Restriction Bypass

Source: XF
Type: UNKNOWN
hp-printer-flood(1818)

Source: MISC
Type: UNKNOWN
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0564

Vulnerable Configuration:

Configuration CCN 1:

cpe:/h:hp:network_printer:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-1999-0564 (CCN-5550)

Assigned:

1999-07-28

Published:

2000-11-19

Updated:

2000-11-19

Summary:

The could allow Internet users to attach to local printers. Due to a vulnerability in the CUPS access control configuration, a remote attacker can attach to a local printer. The attacker could not gain administrative privileges to the printer, but the attacker could use this to print to the printer to cause it to run out of paper, for example.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-1999-0564

Source: DEBIAN
Type: Debian Security Advisory 20001119
cupsys: remote misuse of printer

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:070
cups

Source: XF
Type: UNKNOWN
cups-remote-printer-usage(5550)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK