Vulnerability CVE-2012-5221


Published: 2013-04-29

Description:
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.

Type:

CWE-noinfo

Vendor: HP
Product: Laserjet m5025 mfp 
Version: q7840a;
Product: Laserjet m5035 mfp 
Version: q7829a;
Product: Laserjet p3005 
Version: q7812a;
Product: Laserjet 4240 
Version: q7785a;
Product: Laserjet 9040 
Version: q7697a;
Product: Laserjet 9050 
Version: q7697a;
Product: Laserjet 5200l 
Version: q7543a;
Product: Laserjet 5200n 
Version: q7543a;
Product: Color laserjet 3000 
Version: q7534a;
Product: Color laserjet 4700 
Version: q7492a;
Product: Color laserjet 3800 
Version: q5981a;
Product: Laserjet 4350 
Version: q5407a;
Product: Laserjet 4250 
Version: q5400a;
Product: Laserjet 4345 mfp 
Version: q3942a;
Product: Color laserjet cm6040 mfp 
Version: q3939a;
Product: Color laserjet cp6015 
Version: q3932a;
Product: Laserjet 9040 mfp 
Version: q3721a;
Product: Laserjet 9050 mfp 
Version: q3721a;
Product: Color laserjet 5550 
Version: q3714a;
Product: Color laserjet cm6030 mfp 
Version: ce664a;
Product: Laserjet enterprise p3015 
Version: ce526a;
Product: Laserjet m3035 mfp 
Version: cc519a; cb414a;
Product: Color laserjet enterprise cp4525 
Version: cc493a;
Product: Color laserjet enterprise cp4025 
Version: cc490a;
Product: Color laserjet cp3525 
Version: cc469a;
Product: Laserjet m9050 mpf 
Version: cc395a;
Product: Laserjet m9040 mpf 
Version: cc394a;
Product: Laserjet p4515 
Version: cb514a;
Product: Laserjet p4015 
Version: cb509a;
Product: Laserjet p4014 
Version: cb507a;
Product: Color laserjet cp4005 
Version: cb503a;
Product: Color laserjet 4730 mfp 
Version: cb480a;
Product: Digital sender 9250c 
Version: cb472a;
Product: Color laserjet cp3505 
Version: cb442a;
Product: Laserjet m4345 mfp 
Version: cb425a;
Product: Laserjet m3027 mfp 
Version: cb416a;
Product: Color laserjet 9500 mfp 
Version: c8549a;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023

Related CVE
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5403
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5402
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5401
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). B...
CVE-2019-3485
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

Copyright 2019, cxsecurity.com

 

Back to Top