CVE-2010-4107

Current Description

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

Basic Data

Published: November 17, 2010
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-22
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 7.8
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
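    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Hardware | Hp | 9000 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Color Laserjet Mfp | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet 4100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet 4200 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet 4300 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet 5100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet 8150 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Laserjet Mfp | * | * | * | * | * | * | * | * | | | | |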

Vulnerable Software List

| Vendor | Product | Versions |
| Hp | Laserjet 8150 | * |
| Hp | Color Laserjet Mfp | * |
| Hp | Laserjet Mfp | * |
| Hp | Laserjet 4200 | * |
| Hp | Laserjet 4100 | * |
| Hp | Laserjet 4300 | * |
| Hp | Laserjet 5100 | * |
| Hp | 9000 | * |

References

| Name | URL | Source | Tags |
| 42238 | http://secunia.com/advisories/42238 | SECUNIA | Vendor Advisory |
| 8328 | http://securityreason.com/securityalert/8328 | SREASON | |
| 1024741 | http://securitytracker.com/id?1024741 | SECTRACK | |
| 15631 | http://www.exploit-db.com/exploits/15631 | EXPLOIT-DB | |
| HPSBPI02575 | http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333 | HP | |
| http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf | http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf | MISC | |
| 44882 | http://www.securityfocus.com/bid/44882 | BID | |
| ADV-2010-2987 | http://www.vupen.com/english/advisories/2010/2987 | VUPEN | Vendor Advisory |
| hp-laserjet-pjl-directory-traversal(63261) | https://exchange.xforce.ibmcloud.com/vulnerabilities/63261 | XF | |