Vulnerability CVE-2012-5221
Published: 2013-04-29   Modified: 2013-04-30

Description:
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
HP -> Laserjet 4240 
HP -> Laserjet m9040 mpf 
HP -> Color laserjet 3000 
HP -> Laserjet 4250 
HP -> Laserjet m9050 mpf 
HP -> Color laserjet 3800 
HP -> Laserjet 4345 mfp 
HP -> Laserjet p3005 
HP -> Color laserjet 4700 
HP -> Laserjet 4350 
HP -> Laserjet p4014 
HP -> Color laserjet 4730 mfp 
HP -> Laserjet 5200l 
HP -> Laserjet p4015 
HP -> Color laserjet 5550 
HP -> Laserjet 5200n 
HP -> Laserjet p4515 
HP -> Color laserjet 9500 mfp 
HP -> Laserjet 9040 
HP -> Color laserjet cm6030 mfp 
HP -> Laserjet 9040 mfp 
HP -> Color laserjet cm6040 mfp 
HP -> Laserjet 9050 
HP -> Color laserjet cp3505 
HP -> Laserjet 9050 mfp 
HP -> Color laserjet cp3525 
HP -> Laserjet enterprise p3015 
HP -> Color laserjet cp4005 
HP -> Laserjet m3027 mfp 
HP -> Color laserjet cp6015 
HP -> Laserjet m3035 mfp 
HP -> Color laserjet enterprise cp4025 
HP -> Laserjet m4345 mfp 
HP -> Color laserjet enterprise cp4525 
HP -> Laserjet m5025 mfp 
HP -> Digital sender 9250c 
HP -> Laserjet m5035 mfp 

 References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023
Copyright 2024, cxsecurity.com

 

Back to Top