Detections
Analytics

HP LaserJet Printers Insecure Default Initialization of Resource (CVE-2011-4161)

critical Tenable OT Security Plugin ID 505354

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The default configuration of the HP CM8060 Color MFP with Edgeline;
Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?75b11afe

http://www.nessus.org/u?ff0fde5e

http://www.nessus.org/u?56a40c14

http://secunia.com/advisories/47063

http://www.kb.cert.org/vuls/id/717921

http://www.securityfocus.com/bid/51324

http://www.securitytracker.com/id?1026357

http://www.nessus.org/u?dc20d51d

Plugin Details

Severity: Critical

ID: 505354

File Name: tenable_ot_hp_CVE-2011-4161.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 5/26/2026

Updated: 5/26/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-4161

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:hp:laserjet_9050, cpe:/h:hp:laserjet_4250, cpe:/h:hp:laserjet_4350, cpe:/h:hp:laserjet_9040, cpe:/h:hp:color_laserjet_cp3505, cpe:/h:hp:color_laserjet_cp6015, cpe:/h:hp:laserjet_4240, cpe:/h:hp:laserjet_5200n, cpe:/h:hp:laserjet_p4014, cpe:/h:hp:laserjet_p4515, cpe:/h:hp:color_laserjet_4700, cpe:/h:hp:color_laserjet_5550, cpe:/h:hp:color_laserjet_9500, cpe:/h:hp:laserjet_p3005, cpe:/h:hp:laserjet_p4015, cpe:/h:hp:color_laserjet_3000, cpe:/h:hp:color_laserjet_3800, cpe:/h:hp:color_laserjet_cm3530, cpe:/h:hp:color_laserjet_cm6030, cpe:/h:hp:color_laserjet_cm6040, cpe:/h:hp:color_laserjet_cp3525, cpe:/h:hp:color_laserjet_cp4005, cpe:/h:hp:color_laserjet_enterprise_cp4525, cpe:/h:hp:laserjet_enterprise_p3015, cpe:/h:hp:laserjet_p2035_printer_series, cpe:/h:hp:laserjet_pro_m1212nf_multifunction_printer_series, cpe:/h:hp:laserjet_m9050_multifunction_printer, cpe:/h:hp:laserjet_2400_printer_series, cpe:/h:hp:laserjet_m3027_multifunction_printer, cpe:/h:hp:laserjet_m4345_multifunction_printer, cpe:/h:hp:laserjet_pro_cp1025_color_printer_series, cpe:/h:hp:color_laserjet_cp1210_printer_series, cpe:/h:hp:laserjet_m1120_multifunction_printer_series, cpe:/h:hp:color_laserjet_4730_multifunction_printer, cpe:/h:hp:laserjet_m1522_multifunction_printer_series, cpe:/h:hp:color_laserjet_9500_multifunction_printer, cpe:/h:hp:laserjet_m3035_multifunction_printer, cpe:/h:hp:laserjet_m9040_multifunction_printer, cpe:/h:hp:laserjet_p2055_printer_series, cpe:/h:hp:laserjet_4345_multifunction_printer, cpe:/h:hp:laserjet_pro_100_color_mfp_m175, cpe:/h:hp:color_laserjet_cm2320_multifunction_printer_series, cpe:/h:hp:color_laserjet_cm1312nfi_multifunction_printer, cpe:/h:hp:laserjet_pro_p1102_printer_series, cpe:/h:hp:color_laserjet_2800_all-in-one_printer_series, cpe:/h:hp:laserjet_pro_m1136_multifunction_printer_series, cpe:/h:hp:color_laserjet_cp1510_printer_series, cpe:/h:hp:laserjet_9040_multifunction_printer, cpe:/h:hp:laserjet_pro_p1606dn_printer, cpe:/h:hp:laserjet_m5035_multifunction_printer, cpe:/h:hp:laserjet_pro_cm1415_color_multifunction_printer, cpe:/h:hp:color_laserjet_cp2025, cpe:/h:hp:laserjet_5200l, cpe:/h:hp:laserjet_m5025_multifunction_printer, cpe:/h:hp:laserjet_9050_multifunction_printer, cpe:/h:hp:color_laserjet_cm4730_multifunction_printer, cpe:/h:hp:laserjet_m2727_multifunction_printer_series, cpe:/h:hp:laserjet_pro_m1536_multifunction_printer, cpe:/h:hp:color_laserjet_cm1312_multifunction_printer, cpe:/h:hp:laserjet_pro_cp1525_color_printer, cpe:/h:hp:laserjet_m1319_multifunction_printer_series, cpe:/h:hp:laserjet_p1500_printer_series, cpe:/h:hp:color_laserjet_professional_cp5225_printer_series

Required KB Items: Tenable.ot/HP

Patch Publication Date: 12/1/2011

Vulnerability Publication Date: 12/1/2011

Reference Information

CVE: CVE-2011-4161

CWE: 1188