HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure

Medium Nessus Plugin ID 69283

Synopsis

The remote printer is affected by an information disclosure vulnerability.

Description

The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/dev/save_restore.xml' contains a hexadecimal representation of the administrative password. This information can be used by an attacker in further attacks.

Solution

Update the printer's firmware or disable file system access via the PostScript interface.

See Also

http://www.nessus.org/u?6839c51c

http://www.nessus.org/u?08935147

Plugin Details

Severity: Medium

ID: 69283

File Name: hp_laserjetpro_saverestore_pwd_disclosure.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2013/08/09

Updated: 2018/11/15

Dependencies: 36128

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Required KB Items: www/hp_laserjet/pname

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: false

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 2013/07/26

Vulnerability Publication Date: 2013/07/31

Reference Information

CVE: CVE-2013-4807

BID: 61565

IAVB: 2013-B-0080