Published: 01/12/2011 Updated: 18/09/2012
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote malicious users to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Vendor Advisories

In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices ...