CVE-2002-1796
HIGHHP ChaiVM EZloader - Improper Verification of Cryptographic Signature
Title source: llmDescription
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
References (5)
Core 5
Core References
Broken Link, Vendor Advisory x_refsource_misc
http://www.phenoelit.de/stuff/HP_Chai.txt
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5334
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vendor-advisory
x_refsource_hp
http://online.securityfocus.com/advisories/4317
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9695.php
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/284648
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-347
Status
published
Products (1)
hp/chaivm_ezloader
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026