Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hpHP Product Security Response TeamHP:C02004333
HistoryFeb 03, 2010 - 12:00 a.m.

HPSBPI02575 SSRT090255 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files

2010-02-0300:00:00
HP Product Security Response Team
support.hp.com
22

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

JSON

Potential Security Impact

Remote unauthorized access to files

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files.

RESOLUTION

Files within the printer can be accessed using the Printer Job Language (PJL) interface to exploit a directory traversal vulnerability. The vulnerability can be avoided by either one of the following actions:

  • Disable file system access via the PJL interface.

  • Set a PJL password.

These recommendations are documented in HP Imaging and Printing Security Best Practices - Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs (in English).

Related

securityvulns 3
prion 1
packetstorm 3
seebug 2
nessus 1
exploitpack 2
myhack58 1
cve 1
cvelist 1
zdt 1
exploitdb 2
securityvulns
securityvulns
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface
2010-11-30 00:00:00
HP LaserJet Multi Functional Devices unauthorized access
2010-11-30 00:00:00
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
2010-11-18 00:00:00
prion
prion
Directory traversal
2010-11-17 16:00:00
packetstorm
packetstorm
HP JetDirect PJL Interface Universal Path Traversal
2011-08-07 00:00:00
HP LaserJet PJL Interface Directory Traversal
2010-11-30 00:00:00
Hacking Printers Advisory 2
2017-01-31 00:00:00
seebug
seebug
HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal
2014-07-01 00:00:00
HP LaserJet Directory Traversal in PJL Interface
2014-07-01 00:00:00
nessus
nessus
HP LaserJet PJL Interface Directory Traversal (HPSBPI02575)
2013-08-20 00:00:00
exploitpack
exploitpack
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
2014-04-23 00:00:00
HP LaserJet - Directory Traversal in PJL Interface
2010-11-29 00:00:00
myhack58
myhack58
HP LaserJet printer PJL interface directory traversal vulnerability-vulnerability warning-the black bar safety net
2010-12-01 00:00:00
cve
cve
CVE-2010-4107
2010-11-17 16:00:00
cvelist
cvelist
CVE-2010-4107
2010-11-17 15:00:00
zdt
zdt
HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal
2014-05-03 00:00:00
exploitdb
exploitdb
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
2014-04-23 00:00:00
HP LaserJet - Directory Traversal in PJL Interface
2010-11-29 00:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

JSON
Related for HP:C02004333
securityvulns3prion1packetstorm3seebug2nessus1exploitpack2myhack581cve1cvelist1zdt1exploitdb2