Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-4107 | First vendor Publication | 2010-11-17 |
Vendor | Cve | Last vendor Modification | 2017-08-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4107
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 |
ExploitDB Exploits
id | Description |
---|---|
2014-04-23 | HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal |
2010-11-29 | HP LaserJet Directory Traversal in PJL Interface |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69268 | HP LaserJet Printers PJL Interface Unspecified Traversal Arbitrary File Access: HP LaserJet Printers contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the PJL interface not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an unspecified parameter(s). This directory traversal attack would allow the attacker to access an arbitrary file. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-01-06 | IAVM : 2011-B-0001 - HP Multiple LaserJet Printers Information Disclosure Vulnerability - Severity : Category I - VMSKEY : V0025868 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-05-05 | HP JetDirect PJL path traversal attempt RuleID : 38391 - Revision : 3 - Type : SERVER-OTHER |
2016-05-05 | HP JetDirect PJL path traversal attempt RuleID : 38390 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-20 | Name : The remote host is affected by a traversal vulnerability. File : hp_laserjet_hpsbpi02575_directory_traversal.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2021-05-04 12:12:31 | |
2021-04-22 01:13:24 | |
2020-05-23 00:26:51 | |
2017-08-17 09:23:08 | |
2016-04-26 20:12:56 | |
2014-05-03 17:18:59 | |
2014-02-17 10:58:28 | |
2013-11-11 12:39:03 | |
2013-05-10 23:36:22 | |