All the vulnerabilites related to hp - color_laserjet_cm3530
cve-2012-3272
Vulnerability from cvelistv5
Published
2012-12-06 11:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1027841 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-08T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100778",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-3272",
"datePublished": "2012-12-06T11:00:00",
"dateReserved": "2012-06-06T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4161
Vulnerability from cvelistv5
Published
2011-12-01 21:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/717921 | third-party-advisory, x_refsource_CERT-VN | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 | vendor-advisory, x_refsource_HP | |
| http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112 | x_refsource_MISC | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 | vendor-advisory, x_refsource_HP | |
| http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say | x_refsource_MISC | |
| http://secunia.com/advisories/47063 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1026357 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/51324 | vdb-entry, x_refsource_BID | |
| https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-12-06 11:45
Modified
2024-11-21 01:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | color_laserjet_cm3530 | * | |
| hp | color_laserjet_cm60xx | * | |
| hp | color_laserjet_cp3525 | * | |
| hp | color_laserjet_cp4xxx | * | |
| hp | color_laserjet_cp6015 | * | |
| hp | laserjet_p3015 | * | |
| hp | laserjet_p4xxx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE16FF9-34FC-4173-9057-F894FB86EA71",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm60xx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577BF556-A637-40FF-82DF-319F973A377B",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC659F01-95E7-450B-88A2-5EF81F52ADF0",
"versionEndIncluding": "06.140.3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4401E7-5A4B-4ECB-88E7-858B7EF3DA26",
"versionEndIncluding": "07.120.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BA04F-C4A1-45D1-AC10-42B6B1DFAFAF",
"versionEndIncluding": "04.160.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F908F88A-7579-4144-89A2-5361A4EB06D1",
"versionEndIncluding": "07.140.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEED1BE2-9E33-45BF-A095-14195711FB10",
"versionEndIncluding": "04.170.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Color LaserJet CM3530 con firmware anterior a v53.190.9, Color LaserJet CM60xx con firmware anterior a v52.210.9, Color LaserJet CP3525 con firmware anterior a v06.140.3 18, Color LaserJet CP4xxx con firmware anterior a v07.120.6, Color LaserJet CP6015 con firmware anterior a v04.160.3, LaserJet P3015 con firmware anterior a v07.140.3, y LaserJet P4xxx con firmware anterior a v04.170.3 permite a atacantes remotos ejecutar secuencias de comandos o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3272",
"lastModified": "2024-11-21T01:40:33.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-06T11:45:47.060",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-01 21:55
Modified
2024-11-21 01:31
Severity ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
"matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."
}
],
"id": "CVE-2011-4161",
"lastModified": "2024-11-21T01:31:57.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-01T21:55:00.707",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}