Vulnerability CVE-2012-5221


Published: 2013-04-29

Description:
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.

Type:

CWE-noinfo

Vendor: HP
Product: Laserjet m5025 mfp 
Version: q7840a;
Product: Laserjet m5035 mfp 
Version: q7829a;
Product: Laserjet p3005 
Version: q7812a;
Product: Laserjet 4240 
Version: q7785a;
Product: Laserjet 9040 
Version: q7697a;
Product: Laserjet 9050 
Version: q7697a;
Product: Laserjet 5200l 
Version: q7543a;
Product: Laserjet 5200n 
Version: q7543a;
Product: Color laserjet 3000 
Version: q7534a;
Product: Color laserjet 4700 
Version: q7492a;
Product: Color laserjet 3800 
Version: q5981a;
Product: Laserjet 4350 
Version: q5407a;
Product: Laserjet 4250 
Version: q5400a;
Product: Laserjet 4345 mfp 
Version: q3942a;
Product: Color laserjet cm6040 mfp 
Version: q3939a;
Product: Color laserjet cp6015 
Version: q3932a;
Product: Laserjet 9040 mfp 
Version: q3721a;
Product: Laserjet 9050 mfp 
Version: q3721a;
Product: Color laserjet 5550 
Version: q3714a;
Product: Color laserjet cm6030 mfp 
Version: ce664a;
Product: Laserjet enterprise p3015 
Version: ce526a;
Product: Laserjet m3035 mfp 
Version: cc519a; cb414a;
Product: Color laserjet enterprise cp4525 
Version: cc493a;
Product: Color laserjet enterprise cp4025 
Version: cc490a;
Product: Color laserjet cp3525 
Version: cc469a;
Product: Laserjet m9050 mpf 
Version: cc395a;
Product: Laserjet m9040 mpf 
Version: cc394a;
Product: Laserjet p4515 
Version: cb514a;
Product: Laserjet p4015 
Version: cb509a;
Product: Laserjet p4014 
Version: cb507a;
Product: Color laserjet cp4005 
Version: cb503a;
Product: Color laserjet 4730 mfp 
Version: cb480a;
Product: Digital sender 9250c 
Version: cb472a;
Product: Color laserjet cp3505 
Version: cb442a;
Product: Laserjet m4345 mfp 
Version: cb425a;
Product: Laserjet m3027 mfp 
Version: cb416a;
Product: Color laserjet 9500 mfp 
Version: c8549a;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023

Related CVE
CVE-2018-7120
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.
CVE-2018-7119
A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all vers...
CVE-2018-5927
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
CVE-2018-5926
A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.
CVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as...
CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
CVE-2019-3484
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.

Copyright 2019, cxsecurity.com

 

Back to Top