7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
Remote unauthorized access to files
A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files.
Files within the printer can be accessed using the Printer Job Language (PJL) interface to exploit a directory traversal vulnerability. The vulnerability can be avoided by either one of the following actions:
Disable file system access via the PJL interface.
Set a PJL password.
These recommendations are documented in HP Imaging and Printing Security Best Practices - Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs (in English).