|
Description
|
|
A vulnerability has been identified in HP LaserJet Printers, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by an input validation error within the Printer Job Language (PJL) interface when processing user-supplied requests, which could be exploited remotely to gain unauthorized access to files via a directory traversal.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
HP LaserJet MFP printers (all models with Printer Job Language (PJL) support)HP Color LaserJet MFP printers (all models with Printer Job Language (PJL) support)HP LaserJet 4100 seriesHP LaserJet 4200 seriesHP LaserJet 4300 seriesHP LaserJet 5100 seriesHP LaserJet 8150 seriesHP LaserJet 9000 series
|
|
|
|
|
|
Solution
|
|
Disable file system access via the PJL interface and set a PJL password :
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01707469/c01707469.pdf?jumpid=reg_R1002_USEN
|
|
|
|
|
|
CVE
|
|
CVE-2010-4107
|
|
|
|
|
|
References
|
|
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02004333
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
