HP Product Security Response Team, HP:C02267197
Jun 28, 2010 - 12:00 a.m.

HPSBPI02656 SSRT090262 rev.2 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)

support.hp.com

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Potential Security Impact

Remote unauthorized access to data, cross site scripting (XSS)

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with certain HP Photosmart printers. These vulnerabilities could be exploited remotely for cross site scripting (XSS) or to gain unauthorized access to data or printer configuration information.

RESOLUTION

The following are recommended to work around the vulnerabilities:

CVE-2011-1531 (webscan)

  • If using wireless printer access, ensure that the wireless network is encrypted and secured with a password.
  • Configure a firewall to block access to the printer’s Embedded Web Server (EWS) from networks that are not trusted.
  • Remove documents from the scan surface as soon as scanning is complete.

CVE-2011-1532 (SNMP)

  • If using wireless printer access, ensure that the wireless network is encrypted and secured with a password.
  • Configure a firewall to block access to the printer’s Embedded Web Server (EWS) from networks that are not trusted.

CVE-2011-1533 (XSS)

  • Exposure can be reduced by avoiding untrusted URLs.
