All the vulnerabilites related to hp - color_laserjet_cp6015
cve-2012-3272
Vulnerability from cvelistv5
Published
2012-12-06 11:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1027841 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-08T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100778",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-3272",
"datePublished": "2012-12-06T11:00:00",
"dateReserved": "2012-06-06T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4161
Vulnerability from cvelistv5
Published
2011-12-01 21:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/717921 | third-party-advisory, x_refsource_CERT-VN | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 | vendor-advisory, x_refsource_HP | |
| http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112 | x_refsource_MISC | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 | vendor-advisory, x_refsource_HP | |
| http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say | x_refsource_MISC | |
| http://secunia.com/advisories/47063 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1026357 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/51324 | vdb-entry, x_refsource_BID | |
| https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2684
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36613 | vdb-entry, x_refsource_BID | |
| http://dsecrg.com/pages/vul/show.php?id=148 | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2009/2850 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/36969 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/507038/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53677 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=125493484205823&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=125493484205823&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"name": "ADV-2009-2850",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"name": "36969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36969"
},
{
"name": "20091007 [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"name": "hp-laserjet-unspecified-xss(53677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
},
{
"name": "HPSBPI02463",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"name": "SSRT090061",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"name": "ADV-2009-2850",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"name": "36969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36969"
},
{
"name": "20091007 [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"name": "hp-laserjet-unspecified-xss(53677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
},
{
"name": "HPSBPI02463",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"name": "SSRT090061",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36613"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=148",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"name": "ADV-2009-2850",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"name": "36969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36969"
},
{
"name": "20091007 [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"name": "hp-laserjet-unspecified-xss(53677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
},
{
"name": "HPSBPI02463",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"name": "SSRT090061",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2684",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5221
Vulnerability from cvelistv5
Published
2013-04-29 21:00
Modified
2024-08-06 20:58
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 | vendor-advisory, x_refsource_HP | |
| http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-23T21:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02869",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-5221",
"datePublished": "2013-04-29T21:00:00",
"dateReserved": "2012-10-01T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-04-29 21:55
Modified
2024-11-21 01:44
Severity ?
Summary
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:q7534a:*:*:*:*:*:*:*",
"matchCriteriaId": "5F29EB4F-23B6-4875-8205-082A2691C652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:q5981a:*:*:*:*:*:*:*",
"matchCriteriaId": "84F21488-DCD7-48B9-A8A3-9631B59DB078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:q7492a:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7F42C9-3C34-4631-949F-CF663D263367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28FCCA-8127-4240-97BC-CBB075B0ABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:q3714a:*:*:*:*:*:*:*",
"matchCriteriaId": "84B6EFDF-C99F-425C-A90A-2D3E7FF0DEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a:*:*:*:*:*:*:*",
"matchCriteriaId": "83AE0FF2-987B-4649-BB62-7C8264411A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030_mfp:ce664a:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA57C0C-3BDB-4142-A6BC-091BDA7DFBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040_mfp:q3939a:*:*:*:*:*:*:*",
"matchCriteriaId": "F898C744-5304-4A09-AA2B-FB0807EB0E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:cb442a:*:*:*:*:*:*:*",
"matchCriteriaId": "92C41C33-22A8-40D1-AEE0-30F1AE68ECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:cc469a:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6F8A9C-3CB7-4ED7-A429-B38756C38DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:cb503a:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9C45B9-754F-48F4-9AAB-89F6EAA75DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:q3932a:*:*:*:*:*:*:*",
"matchCriteriaId": "E6401654-D769-4EF0-87BF-75AE3E1B2AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4025:cc490a:*:*:*:*:*:*:*",
"matchCriteriaId": "891EEE00-61A5-4FD5-8EBB-B35B077C8BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F925A9-96FE-4F0D-ADA6-DB7A9690A0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:cb472a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF4BAA8-430F-4448-A454-64FC333E5904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:q7785a:*:*:*:*:*:*:*",
"matchCriteriaId": "768B6070-68EB-4748-A4D2-7C99FD7A5669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:q5400a:*:*:*:*:*:*:*",
"matchCriteriaId": "86E90120-D1E4-4569-BCF4-6E2AE0AB04DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:q3942a:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF59890-654A-4AEE-BF52-93E7AA796046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:q5407a:*:*:*:*:*:*:*",
"matchCriteriaId": "7F596D16-490E-4950-8A9B-5241906ED5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200l:q7543a:*:*:*:*:*:*:*",
"matchCriteriaId": "D60111B2-DAC6-4FB1-9921-B6550CAAD4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200n:q7543a:*:*:*:*:*:*:*",
"matchCriteriaId": "82F8D5DE-1D66-4F1E-B273-233814F0CC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:q7697a:*:*:*:*:*:*:*",
"matchCriteriaId": "D40FF37E-F95A-429D-BC5B-F48D7C47C88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040_mfp:q3721a:*:*:*:*:*:*:*",
"matchCriteriaId": "162B0C2C-8C9C-467D-A309-8DDA7CE72B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:q7697a:*:*:*:*:*:*:*",
"matchCriteriaId": "660788B3-D2B6-4118-B443-9DE177FBE156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:q3721a:*:*:*:*:*:*:*",
"matchCriteriaId": "69E39058-9565-4C1B-BB71-553ECB274216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a:*:*:*:*:*:*:*",
"matchCriteriaId": "33ABE7DA-88CD-468B-9285-FE1509BA7D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A0981-F09D-47B4-B441-3497291A9413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a:*:*:*:*:*:*:*",
"matchCriteriaId": "008B528D-EBA7-4CC5-8E2F-F68D78222E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a:*:*:*:*:*:*:*",
"matchCriteriaId": "AA629824-72AF-40A5-8427-F5AFDE3AEBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a:*:*:*:*:*:*:*",
"matchCriteriaId": "D94328FB-B382-4231-8A4E-32C9AE7B8D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a:*:*:*:*:*:*:*",
"matchCriteriaId": "331317DD-0827-45B0-B2B9-A3713B3AA767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a:*:*:*:*:*:*:*",
"matchCriteriaId": "AC132570-AB09-41CE-A3CF-755C9791171F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040_mpf:cc394a:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB5A6D2-CFE3-4F7C-BD24-024D37836A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050_mpf:cc395a:*:*:*:*:*:*:*",
"matchCriteriaId": "E82E7BE5-3B46-47C2-A560-7C11CD8B361A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:q7812a:*:*:*:*:*:*:*",
"matchCriteriaId": "98B48314-2048-4856-80DA-EA08466EF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:cb507a:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5FE9B2-99DD-4A4F-8914-B1DC6EA3B6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:cb509a:*:*:*:*:*:*:*",
"matchCriteriaId": "F95EFE75-1428-4461-9062-56952EB96D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:cb514a:*:*:*:*:*:*:*",
"matchCriteriaId": "EACC9283-F37A-426B-9AD9-05B2F8D6325D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005 y P4xxx; LaserJet Enterprise P3015; 3xxx Color LaserJet, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005 y CP6015, Color LaserJet Enterprise CP4xxx y digital Sender 9250c con firmware hasta la version v52.x permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-5221",
"lastModified": "2024-11-21T01:44:17.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T21:55:00.997",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-01 21:55
Modified
2024-11-21 01:31
Severity ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
"matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."
}
],
"id": "CVE-2011-4161",
"lastModified": "2024-11-21T01:31:57.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-01T21:55:00.707",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | cm8050_mfp | * | |
| hp | cm8060_mfp | * | |
| hp | color_laserjet_3000n | * | |
| hp | color_laserjet_3600n | * | |
| hp | color_laserjet_3800n | * | |
| hp | color_laserjet_4700n | * | |
| hp | color_laserjet_4730_mfp | * | |
| hp | color_laserjet_6040_mfp | * | |
| hp | color_laserjet_cm4730_mfp | * | |
| hp | color_laserjet_cp3505 | * | |
| hp | color_laserjet_cp4005n | * | |
| hp | color_laserjet_cp6015 | * | |
| hp | ds_9200c | * | |
| hp | ds_9250c | * | |
| hp | laserjet_2410 | * | |
| hp | laserjet_2420 | * | |
| hp | laserjet_2430n | * | |
| hp | laserjet_4240 | * | |
| hp | laserjet_4250n | * | |
| hp | laserjet_4345_mfp | * | |
| hp | laserjet_4350n | * | |
| hp | laserjet_5200n | * | |
| hp | laserjet_9040_mfp | * | |
| hp | laserjet_9040n | * | |
| hp | laserjet_9050_mfp | * | |
| hp | laserjet_9050n | * | |
| hp | laserjet_m3027_mfp | * | |
| hp | laserjet_m3035_mfp | * | |
| hp | laserjet_m4345x_mfp | * | |
| hp | laserjet_m5025_mfp | * | |
| hp | laserjet_m9040_mpf | * | |
| hp | laserjet_m9050_mpf | * | |
| hp | laserjet_p3005n | * | |
| hp | laserjet_p4014 | * | |
| hp | laserjet_p4515 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:cm8050_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "009EBEE6-1863-4E6B-BB73-8FB1168AD164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:cm8060_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC795DF-7811-461F-8F50-60E00C8EBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2916ED3C-57AF-4DE9-9329-DDA66AD983AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3600n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0714BB6-5CB9-42FD-B534-A7BF74F83EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "388C4301-9BC1-43EB-8C8F-862D5D5916A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD166E1F-3A57-4293-AF22-373FB2784FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_6040_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDAC0E8-889C-4E76-AC6C-B9A6B0D792FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E646E2D7-7C65-4A6F-8B51-A6119B512837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF8ACEA-FB3F-40EA-81C6-29EF9FCFB302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:ds_9200c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "341EE50F-0CD3-401A-B429-3B2EFE285036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:ds_9250c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA39BF1D-283E-4049-91C9-B93C93432DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92DD1DA2-7210-4A7E-BD37-5365935C7BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2505387C-7739-4EFE-8973-459412727674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6F7DE2-1A67-4389-99A9-C6796025E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF512AA5-F72B-470F-BA53-8EC6851F2F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED3264A-7745-4BB7-9D1B-F7D9560788D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA350C-6631-4474-8FFD-D439234D2D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5352B3B-71D5-464E-B124-6FFC41F41B32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87632290-99A8-4E9F-9FA5-F497DE690837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA57B8-2AD5-45EF-9824-E60EBFF71D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38237939-9DE0-4CDE-916B-E0F822975773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95CC32-07DA-473D-BDAC-347B137E582A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC3DE1F-AA79-4FE8-B634-368BDF14C0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m4345x_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7995CEA-25BF-45A1-B166-B4A962FCB5CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C69873-A989-4B66-8D28-67A260EC7A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040_mpf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C793A8D-5C58-481A-A253-4704A7EE29CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050_mpf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6F181F-3AB7-409D-B32F-8B09B6DDA110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D04BDC-9273-4A09-BED4-18E44E99EBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Jetdirect y Embedded Web Server (EWS) sobre ciertas HP LaserJet e impresoras Color LaserJet, y HP Digital Senders, permiten a atacantes remotos inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de (1) Product_URL o (2)par\u00e1metro Tech_URL en una acci\u00f3n Apply en el c\u00f3digo support_param.html/config."
}
],
"id": "CVE-2009-2684",
"lastModified": "2024-11-21T01:05:29.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36969"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36613"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-06 11:45
Modified
2024-11-21 01:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | color_laserjet_cm3530 | * | |
| hp | color_laserjet_cm60xx | * | |
| hp | color_laserjet_cp3525 | * | |
| hp | color_laserjet_cp4xxx | * | |
| hp | color_laserjet_cp6015 | * | |
| hp | laserjet_p3015 | * | |
| hp | laserjet_p4xxx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE16FF9-34FC-4173-9057-F894FB86EA71",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm60xx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577BF556-A637-40FF-82DF-319F973A377B",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC659F01-95E7-450B-88A2-5EF81F52ADF0",
"versionEndIncluding": "06.140.3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4401E7-5A4B-4ECB-88E7-858B7EF3DA26",
"versionEndIncluding": "07.120.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BA04F-C4A1-45D1-AC10-42B6B1DFAFAF",
"versionEndIncluding": "04.160.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F908F88A-7579-4144-89A2-5361A4EB06D1",
"versionEndIncluding": "07.140.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEED1BE2-9E33-45BF-A095-14195711FB10",
"versionEndIncluding": "04.170.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Color LaserJet CM3530 con firmware anterior a v53.190.9, Color LaserJet CM60xx con firmware anterior a v52.210.9, Color LaserJet CP3525 con firmware anterior a v06.140.3 18, Color LaserJet CP4xxx con firmware anterior a v07.120.6, Color LaserJet CP6015 con firmware anterior a v04.160.3, LaserJet P3015 con firmware anterior a v07.140.3, y LaserJet P4xxx con firmware anterior a v04.170.3 permite a atacantes remotos ejecutar secuencias de comandos o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3272",
"lastModified": "2024-11-21T01:40:33.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-06T11:45:47.060",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}