Published: 29/04/2013 Updated: 31/12/2013

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware up to and including 52.x allows remote malicious users to read arbitrary files via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp color laserjet 9500 mfp c8549a
hp color laserjet cm6030 mfp ce664a
hp laserjet 4240 q7785a
hp laserjet 4250 q5400a
hp laserjet 9050 q7697a
hp laserjet 9050 mfp q3721a
hp laserjet m5035 mfp q7829a
hp laserjet m9040 mpf cc394a
hp color laserjet 4730 mfp cb480a
hp color laserjet 5550 q3714a
hp color laserjet enterprise cp4025 cc490a
hp color laserjet enterprise cp4525 cc493a
hp laserjet 9040 q7697a
hp laserjet 9040 mfp q3721a
hp laserjet m4345 mfp cb425a
hp laserjet m5025 mfp q7840a
hp digital sender 9250c cb472a
hp color laserjet 3000 q7534a
hp color laserjet cm6040 mfp q3939a
hp color laserjet cp3505 cb442a
hp laserjet 4345 mfp q3942a
hp laserjet 4350 q5407a
hp laserjet enterprise p3015 ce526a
hp laserjet m3027 mfp cb416a
hp laserjet m9050 mpf cc395a
hp laserjet p3005 q7812a
hp laserjet p4014 cb507a
hp color laserjet 3800 q5981a
hp color laserjet 4700 q7492a
hp color laserjet cp3525 cc469a
hp color laserjet cp4005 cb503a
hp color laserjet cp6015 q3932a
hp laserjet 5200l q7543a
hp laserjet 5200n q7543a
hp laserjet m3035 mfp cb414a
hp laserjet m3035 mfp cc519a
hp laserjet p4015 cb509a
hp laserjet p4515 cb514a

A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers The vulnerability could be exploited remotely to gain unauthorized access to files ...

This post is about accessing a printers file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages The attack can be performed by anyone who can print, for example through USB or network It can even be carried out by a malicious website, using advanced cross site printing techniques in ...

Simple metasploit module that attempts to dump HP printer web admin credentials

HPCredDumper Simple metasploit module that attempts to dump HP printer web admin credentials Installation Download hp_printerpy and copy to /usr/share/metasploit-framework/modules/auxiliary/scanner/printer Then run reload_all from the msfconsole if it is already running > cp hp_printerpy /usr/share/metasploit-framework/modules/auxiliary/scanner/printer > msfcon

NVD-CWE-noinfo https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023 https://nvd.nist.gov https://github.com/aredspy/HPCredDumper https://packetstormsecurity.com/files/140813/Hacking-Printers-Advisory-2.html https://support.hp.com/us-en/document/c03744742

CVE-2012-5221

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect