Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2011-4161
Last Modified 17 Sep 2012 11:28:13
Published 01 Dec 2011 04:55:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4161

Summary

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Vulnerable Systems


References

MLIST - [dailydave] 20111130 The Vampire Diaries

MISC - http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say

MISC - http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112

HP - HPSBPI02728

HP - SSRT100692

BID - 51324

CERT-VN - VU#717921

SECTRACK - 1026357

SECUNIA - 47063


Last Updated: 27 May 2016 10:56:27