HP LaserJet Pro Printers Unauthorized Data Access (April 2013)

medium Nessus Plugin ID 66358

Synopsis

The remote printer is potentially affected by an unauthorized data access vulnerability.

Description

The remote HP printer is potentially affected by an unauthorized data access vulnerability. By exploiting this flaw, a remote, unauthenticated attacker could gain access to sensitive information.

Solution

Update the printer's firmware or disable file system access via the Postscript interface.

See Also

http://www.nessus.org/u?69735802

https://www.securityfocus.com/archive/1/531265/30/0/threaded

Plugin Details

Severity: Medium

ID: 66358

File Name: hp_laserjetpro_data_access2.nbin

Version: 1.77

Type: remote

Family: Misc.

Published: 5/9/2013

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-5221

Vulnerability Information

CPE: cpe:/h:hp:color_laserjet, cpe:/h:hp:laserjet, cpe:/h:hp:digital_sender

Exploit Ease: No known exploits are available

Patch Publication Date: 4/25/2013

Vulnerability Publication Date: 4/25/2013

Reference Information

CVE: CVE-2012-5221

BID: 59511

IAVB: 2013-B-0043