‘HP LaserJet Printers Unauthorized Access to Files Vulnerability’

Summary

A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers.’

Credit:

‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02004333


Details

Vulnerable Systems:
 * HP LaserJet MFP printers (all models with Printer Job Language (PJL) support)
 * HP Color LaserJet MFP printers (all models with Printer Job Language (PJL) support)
 * HP LaserJet 4100 series
 * HP LaserJet 4200 series
 * HP LaserJet 4300 series
 * HP LaserJet 5100 series
 * HP LaserJet 8150 series
 * HP LaserJet 9000 series

Files within the printer can be accessed using the Printer Job Language (PJL) interface to exploit a directory traversal vulnerability.

Workaround:
The vulnerability can be avoided by either one of the following actions:
1) disable file system access via the PJL interface
2) set a PJL password

CVE Information:
CVE-2010-4107

Disclosure Timeline:
15 November 2010 – Initial release’

Categories: News