Vulnerability Details CVE-2011-4161
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.13
EPSS Ranking 93.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
- http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
- http://secunia.com/advisories/47063
- http://www.kb.cert.org/vuls/id/717921
- http://www.securityfocus.com/bid/51324
- http://www.securitytracker.com/id?1026357
- https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
- http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
- http://secunia.com/advisories/47063
- http://www.kb.cert.org/vuls/id/717921
- http://www.securityfocus.com/bid/51324
- http://www.securitytracker.com/id?1026357
- https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
Products affected by CVE-2011-4161
-
cpe:2.3:h:hp:color_laserjet_3000:q7534a
-
cpe:2.3:h:hp:color_laserjet_3800:q5981a
-
cpe:2.3:h:hp:color_laserjet_4700:-
-
cpe:2.3:h:hp:color_laserjet_4700:q7492a
-
cpe:2.3:h:hp:color_laserjet_4730:mfp
-
cpe:2.3:h:hp:color_laserjet_4730_mfp:-
-
cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a
-
cpe:2.3:h:hp:color_laserjet_5550:-
-
cpe:2.3:h:hp:color_laserjet_5550:q3714a
-
cpe:2.3:h:hp:color_laserjet_9500:-
-
cpe:2.3:h:hp:color_laserjet_cm3530:*
-
cpe:2.3:h:hp:color_laserjet_cm4540:mfp
-
cpe:2.3:h:hp:color_laserjet_cm4730:mfp
-
cpe:2.3:h:hp:color_laserjet_cm6030:*
-
cpe:2.3:h:hp:color_laserjet_cm6040:*
-
cpe:2.3:h:hp:color_laserjet_cp3505:cb442a
-
cpe:2.3:h:hp:color_laserjet_cp3525:cc469a
-
cpe:2.3:h:hp:color_laserjet_cp4005:cb503a
-
cpe:2.3:h:hp:color_laserjet_cp5525:-
-
cpe:2.3:h:hp:color_laserjet_cp6015:q3932a
-
cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*
-
cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a
-
cpe:2.3:h:hp:color_mfp_cm8060:-
-
cpe:2.3:h:hp:digital_sender_9200c:-
-
cpe:2.3:h:hp:digital_sender_9250c:cb472a
-
cpe:2.3:h:hp:laserjet_4240:q7785a
-
cpe:2.3:h:hp:laserjet_4250:q5400a
-
cpe:2.3:h:hp:laserjet_4345_mfp:-
-
cpe:2.3:h:hp:laserjet_4345_mfp:q3942a
-
cpe:2.3:h:hp:laserjet_4350:q5407a
-
cpe:2.3:h:hp:laserjet_5200:*
-
cpe:2.3:h:hp:laserjet_9040:q7697a
-
cpe:2.3:h:hp:laserjet_9050:-
-
cpe:2.3:h:hp:laserjet_9050:q7697a
-
cpe:2.3:h:hp:laserjet_enterprise_500_color:m551
-
cpe:2.3:h:hp:laserjet_enterprise_600:m601
-
cpe:2.3:h:hp:laserjet_enterprise_600:m602
-
cpe:2.3:h:hp:laserjet_enterprise_600:m603
-
cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp
-
cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a
-
cpe:2.3:h:hp:laserjet_m3035:*
-
cpe:2.3:h:hp:laserjet_m5035:*
-
cpe:2.3:h:hp:laserjet_m9040:*
-
cpe:2.3:h:hp:laserjet_m9050:*
-
cpe:2.3:h:hp:laserjet_p3005:q7812a
-
cpe:2.3:h:hp:laserjet_p4014:cb507a
-
cpe:2.3:h:hp:laserjet_p4015:cb509a
-
cpe:2.3:h:hp:laserjet_p4515:cb514a