HP LaserJet PJL Interface Directory Traversal (HPSBPI02575)
High Nessus Plugin ID 69480
SynopsisThe remote host is affected by a traversal vulnerability.
DescriptionThe remote host's PJL interface fails to sanitize input to the 'name' parameter of the 'fsdirlist' command before using it.
An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the PJL service. Information harvested may aid in launching further attacks.
SolutionSet a PJL password or disable file system access via the PJL interface.