Search criteria
3 vulnerabilities found for laserjet_m5035 by hp
FKIE_CVE-2011-4161
Vulnerability from fkie_nvd - Published: 2011-12-01 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
"matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."
}
],
"id": "CVE-2011-4161",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-01T21:55:00.707",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-4161 (GCVE-0-2011-4161)
Vulnerability from cvelistv5 – Published: 2011-12-01 21:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4161 (GCVE-0-2011-4161)
Vulnerability from nvd – Published: 2011-12-01 21:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}