Published: 29/04/2013 Updated: 31/12/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware up to and including 52.x allows remote malicious users to read arbitrary files via unknown vectors.

Vendor Advisories

A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers The vulnerability could be exploited remotely to gain unauthorized access to files ...

Mailing Lists

This post is about accessing a printers file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages The attack can be performed by anyone who can print, for example through USB or network It can even be carried out by a malicious website, using advanced cross site printing techniques in ...