VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No: 1)
CVE-2010-4107
9000, color_laserjet_mfp, laserjet_4100, laserjet_4200, laserjet_4300, laserjet_5...: The default configuration of the PJL Access value i...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4107

Original

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-11-17
Source Information Category: Advisory, Alert
Last Updated: 2010-11-18




Affected Product Tags
cpe:/h:hp:9000
cpe:/h:hp:color_laserjet_mfp
cpe:/h:hp:laserjet_4100
cpe:/h:hp:laserjet_4200
cpe:/h:hp:laserjet_4300
cpe:/h:hp:laserjet_5100
cpe:/h:hp:laserjet_8150
cpe:/h:hp:laserjet_mfp
 


Vulnerability Analysis Results
[Access Vector]
Undefined

Local
Adjacent Network
X Network

[Access Complexity]
Undefined

High
Medium
X Low

[Authentication]
Undefined

Multiple
Single
X None

[Confidentiality Impact]
Undefined

None
Partial
X Complete

[Integrity Impact]
Undefined

X None
Partial
Complete

[Availability Impact]
Undefined

X None
Partial
Complete

Alternatives




References
HP HPSBPI02575
HP SSRT090255
SECTRACK 1024741
SECUNIA 42238
VUPEN ADV-2010-2987
Vulnerability Type Path Traversal (CWE-22)
XF hp-laserjet-pjl-directory-traversal(63261)





Copyright © 2010 JPCERT/CC All Rights Reserved.