CVE-2010-4107

Published: 17/11/2010 Updated: 17/08/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 800
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote malicious users to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

Vulnerable Product

hp laserjet 5100

hp laserjet 8150

hp laserjet mfp

hp color laserjet mfp

hp laserjet 4200

hp laserjet 4300

hp laserjet 4100

hp 9000

Vendor Advisories

A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files ...

Exploits

# Exploit Title: HP JetDirect PJL Query Execution # Date: Aug 7, 2011 # Author: Myo Soe <YGN Ethical Hacker Group - yehg.net/> # Software Link: www.hp.com # Version: All # Tested on: HP LaserJet Pxxxx Series ## # $Id: $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial ...
#!/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV[0]; # Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL # Google Dork: n/a # Date: 4/22/14 # Exploit Author: @0x00string # Vendor Homepage: www.hp.com/products1/laserjetprinters/ # Software Link: n/a # Version: HP LaserJet P/M xxxx ...
n.runs AG, www.nruns.com/, security(at)nruns.com, nruns-SA-2010003, 16-Nov-2010. Vendor: Hewlett-Packard, www.hp.com. Affected Products: Various HP LaserJet MFP devices ...
# Exploit Title: HP JetDirect PJL Interface Universal Path Traversal # Date: Aug 7, 2011 # Author: Myo Soe <YGN Ethical Hacker Group - yehg.net/> # Software Link: www.hp.com # Version: All # Tested on: HP LaserJet Pxxxx Series ## # $Id: $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribut ...
This post is about accessing a printer's file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross site printing techniques in ...
A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\\\\ it is possible to get access to the complete file system of the device ...