Executive Summary
Summary | |
---|---|
Title | HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files |
Informations | |||
---|---|---|---|
Name | HPSBPI02575 SSRT090255 | First vendor Publication | 2010-11-15 |
Vendor | HP | Last vendor Modification | 2010-11-15 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02004333 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 |
ExploitDB Exploits
id | Description |
---|---|
2014-04-23 | HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal |
2010-11-29 | HP LaserJet Directory Traversal in PJL Interface |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69268 | HP LaserJet Printers PJL Interface Unspecified Traversal Arbitrary File Access HP LaserJet Printers contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the PJL interface not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an unspecified parameter(s). This directory traversal attack would allow the attacker to access an arbitrary file. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-01-06 | IAVM : 2011-B-0001 - HP Multiple LaserJet Printers Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0025868 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-05-05 | HP JetDirect PJL path traversal attempt RuleID : 38391 - Revision : 3 - Type : SERVER-OTHER |
2016-05-05 | HP JetDirect PJL path traversal attempt RuleID : 38390 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-20 | Name : The remote host is affected by a traversal vulnerability. File : hp_laserjet_hpsbpi02575_directory_traversal.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2013-11-11 12:41:01 |
|