Executive Summary

Title Certain HP LaserJet Printers, Remote Unauthorized Access to Files
Name HPSBPI02733 SSRT100646 First vendor Publication 2012-01-09
Vendor HP Last vendor Modification 2012-01-09
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A potential security vulnerability has been identified with certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03140700

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Application 1
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
78224 HP LaserJet P3015 Embedded Web Server Traversal Arbitrary File Access

HP LaserJet P3015 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the embedded web server not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to read arbitrary files.