cvelistv5 - cve-2011-4161

CVE-2011-4161 (GCVE-0-2011-4161)

Vulnerability from cvelistv5

Published

2011-12-01 21:00

Modified

2024-08-07 00:01

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-vv8q-r8fx-pgjx

Vulnerability from github

Published

2022-05-17 05:22

Modified

2022-05-17 05:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4161"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-01T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.",
  "id": "GHSA-vv8q-r8fx-pgjx",
  "modified": "2022-05-17T05:22:19Z",
  "published": "2022-05-17T05:22:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4161"
    },
    {
      "type": "WEB",
      "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
    },
    {
      "type": "WEB",
      "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47063"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/717921"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51324"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2012-AVI-236

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans certaines imprimantes HP. La vulnérabilité permet de modifier le firmware d'une imprimante sans y être autorisé.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	versions antérieures à HP Color LaserJet Enterprise CP4525 version 07_111_0 ;
N/A	N/A	versions antérieures à HP LaserJet M5025 Multifunction Printer version 48_241_2 ;
N/A	N/A	versions antérieures à HP Color LaserJet 9500 Multifunction Printer version 08.260.1 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM3530 version 53_171_4 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM2320 Multifunction Printer series version 20120104 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM1312 Multifunction Printer version 20120104 ;
N/A	N/A	versions antérieures à HP LaserJet P4515 version 04_160_9 ;
N/A	N/A	versions antérieures à HP LaserJet 4250 version 08_220_3 ;
N/A	N/A	versions antérieures à HP LaserJet Pro 100 color MFP M175 version 20111021 ;
N/A	N/A	versions antérieures à HP LaserJet 9040 Multifunction Printer version 08_260_1 ;
N/A	N/A	versions antérieures à HP LaserJet M9040 Multifunction Printer version 51_191_3 ;
N/A	N/A	versions antérieures à HP 9200c Digital Sender version 09_270_2 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP1510 Printer series version 20120110 ;
N/A	N/A	versions antérieures à HP LaserJet P4015 version 04_160_9 ;
N/A	N/A	versions antérieures à HP LaserJet Pro M1136 Multifunction Printer series version 20120206 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP3505 version 03.130.2 ;
N/A	N/A	versions antérieures à HP Color LaserJet Professional CP5225 Printer series version 20111220 ;
N/A	N/A	versions antérieures à HP LaserJet P1500 Printer series version 20120201 ;
N/A	N/A	versions antérieures à HP LaserJet M4345 Multifunction Printer version 48_241_2 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM4730 Multifunction Printer version 50_221_3 ;
N/A	N/A	versions antérieures à HP Color LaserJet 5550 version 07_200_5 ;
N/A	N/A	versions antérieures à HP Color LaserJet 3000 version 46_050_1 ;
N/A	N/A	versions antérieures à HP 9250c Digital Sender version 48_231_2 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP4005 version 46_190_3 ;
N/A	N/A	versions antérieures à HP LaserJet 9050 version 08_221_5 ;
N/A	N/A	versions antérieures à HP LaserJet 5200N version 08_181_1 ;
N/A	N/A	versions antérieures à HP LaserJet Pro CP1525 Color Printer version 20111215 ;
N/A	N/A	versions antérieures à HP LaserJet Pro P1102 Printer series version 20120130 ;
N/A	N/A	versions antérieures à HP LaserJet Pro P1606dn Printer version 20120130 ;
N/A	N/A	versions antérieures à HP LaserJet Pro M1212nf Multifunction Printer series version 20120206 ;
N/A	N/A	versions antérieures à HP LaserJet M1319 Multifunction Printer series version 20120302 ;
N/A	N/A	versions antérieures à HP Color LaserJet 4730 Multifunction Printer version 46.350.1 ;
N/A	N/A	versions antérieures à HP LaserJet M3035 Multifunction Printer version 48_241_2 ;
N/A	N/A	versions antérieures à HP LaserJet Pro M1536 Multifunction Printer version 20111215 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP2025 version 20120105 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM1312nfi Multifunction Printer version 20120104 ;
N/A	N/A	versions antérieures à HP Color LaserJet 2800 All-in-One Printer series version 20120307 ;
N/A	N/A	versions antérieures à HP LaserJet P4014 version 04_160_9 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP3525 version 06_130_8 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM6040 version 52_191_2 ;
N/A	N/A	versions antérieures à HP LaserJet M1522 Multifunction Printer series version 20120123 ;
N/A	N/A	versions antérieures à HP Color LaserJet CM6030 version 52_191_2 ;
N/A	N/A	versions antérieures à HP LaserJet P2055 Printer series version 20120131 ;
N/A	N/A	versions antérieures à HP LaserJet M1120 Multifunction Printer series version 20120305 ;
N/A	N/A	versions antérieures à HP LaserJet 9050 Multifunction Printer version 08_260_1 ;
N/A	N/A	versions antérieures à HP LaserJet M9050 Multifunction Printer version 51_191_3 ;
N/A	N/A	versions antérieures à HP LaserJet 4240 version 08_220_3 ;
N/A	N/A	versions antérieures à HP LaserJet Pro CM1415 Color Multifunction Printer version 20120216 ;
N/A	N/A	versions antérieures à HP LaserJet P3005 version 02.150.1 ;
N/A	N/A	versions antérieures à HP LaserJet M5035 Multifunction Printer version 48_241_2 ;
N/A	N/A	versions antérieures à HP LaserJet Enterprise P3015 version 07_130_7 ;
N/A	N/A	versions antérieures à HP LaserJet 4350 version 08_220_3 ;
N/A	N/A	versions antérieures à HP Color LaserJet 4700 version 46_200_1 ;
N/A	N/A	versions antérieures à HP LaserJet P2035 Printer series version 20120105 ;
N/A	N/A	versions antérieures à HP LaserJet 4345 Multifunction Printer version 09.270.1 ;
N/A	N/A	versions antérieures à HP LaserJet Pro CP1025 Color Printer series version 20120130 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP6015 version 04_151_0 ;
N/A	N/A	versions antérieures à HP Color LaserJet 9500 version 05_020_3 ;
N/A	N/A	versions antérieures à HP LaserJet 5200L version 08_181_1 ;
N/A	N/A	versions antérieures à HP LaserJet 9040 version 08_221_5 ;
N/A	N/A	versions antérieures à HP Color LaserJet CP1210 Printer series version 20120213 ;
N/A	N/A	versions antérieures à HP LaserJet M3027 Multifunction Printer version 48_241_2 ;
N/A	N/A	versions antérieures à HP Color LaserJet 3800 version 46_050_2 ;
N/A	N/A	versions antérieures à HP LaserJet 2400 Printer series version 08_210_4 ;
N/A	N/A	versions antérieures à HP LaserJet M2727 Multifunction Printer series version 20120123 ;

References

Title

Publication Time

fkie_cve-2011-4161

Vulnerability from fkie_nvd

Published

2011-12-01 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
hp-security-alert@hp.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449	Vendor Advisory
hp-security-alert@hp.com	http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
hp-security-alert@hp.com	http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
hp-security-alert@hp.com	http://secunia.com/advisories/47063
hp-security-alert@hp.com	http://www.kb.cert.org/vuls/id/717921	US Government Resource
hp-security-alert@hp.com	http://www.securityfocus.com/bid/51324
hp-security-alert@hp.com	http://www.securitytracker.com/id?1026357
hp-security-alert@hp.com	https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
af854a3a-2127-422b-91ae-364da2661108	http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47063
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/717921	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51324
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026357
af854a3a-2127-422b-91ae-364da2661108	https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html

Impacted products

Vendor	Product	Version
hp	color_laserjet_3000	*
hp	color_laserjet_3800	*
hp	color_laserjet_4700	*
hp	color_laserjet_4730	mfp
hp	color_laserjet_4730_mfp	*
hp	color_laserjet_5550	*
hp	color_laserjet_9500	*
hp	color_laserjet_cm3530	*
hp	color_laserjet_cm4540	mfp
hp	color_laserjet_cm4730	mfp
hp	color_laserjet_cm6030	*
hp	color_laserjet_cm6040	*
hp	color_laserjet_cp3505	*
hp	color_laserjet_cp3525	*
hp	color_laserjet_cp4005	*
hp	color_laserjet_cp5525	*
hp	color_laserjet_cp6015	*
hp	color_laserjet_enterprise_cp4520	*
hp	color_laserjet_enterprise_cp4525	*
hp	color_mfp_cm8060	-
hp	digital_sender_9200c	*
hp	digital_sender_9250c	*
hp	laserjet_4240	*
hp	laserjet_4250	*
hp	laserjet_4345_mfp	*
hp	laserjet_4350	*
hp	laserjet_5200	*
hp	laserjet_9040	*
hp	laserjet_9050	*
hp	laserjet_enterprise_500_color	m551
hp	laserjet_enterprise_600	m601
hp	laserjet_enterprise_600	m602
hp	laserjet_enterprise_600	m603
hp	laserjet_enterprise_m4555	mfp
hp	laserjet_enterprise_p3015	*
hp	laserjet_m3035	*
hp	laserjet_m5035	*
hp	laserjet_m9040	*
hp	laserjet_m9050	*
hp	laserjet_p3005	*
hp	laserjet_p4014	*
hp	laserjet_p4015	*
hp	laserjet_p4515	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
              "matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
              "matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."
    }
  ],
  "id": "CVE-2011-4161",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-01T21:55:00.707",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://secunia.com/advisories/47063"
    },
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/717921"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securityfocus.com/bid/51324"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securitytracker.com/id?1026357"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/717921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2011-4161

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-4161

Aliases

CVE-2011-4161

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4161",
    "description": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.",
    "id": "GSD-2011-4161"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4161"
      ],
      "details": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.",
      "id": "GSD-2011-4161",
      "modified": "2023-12-13T01:19:05.792649Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2011-4161",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#717921",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/717921"
          },
          {
            "name": "HPSBPI02728",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
          },
          {
            "name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
          },
          {
            "name": "SSRT100692",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
          },
          {
            "name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
            "refsource": "MISC",
            "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
          },
          {
            "name": "47063",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/47063"
          },
          {
            "name": "1026357",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026357"
          },
          {
            "name": "51324",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51324"
          },
          {
            "name": "[dailydave] 20111130 The Vampire Diaries",
            "refsource": "MLIST",
            "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-4161"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[dailydave] 20111130 The Vampire Diaries",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
            },
            {
              "name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
              "refsource": "MISC",
              "tags": [],
              "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
            },
            {
              "name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
            },
            {
              "name": "HPSBPI02728",
              "refsource": "HP",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
            },
            {
              "name": "51324",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51324"
            },
            {
              "name": "VU#717921",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/717921"
            },
            {
              "name": "1026357",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026357"
            },
            {
              "name": "47063",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/47063"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-09-18T03:28Z",
      "publishedDate": "2011-12-01T21:55Z"
    }
  }
}

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03102449 Version: 3

HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-11-30 Last Updated: 2012-01-09

Potential Security Impact: Remote firmware update enabled by default

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders.

References: CVE-2011-4161

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication.

RESOLUTION The following steps can be taken to avoid unauthorized firmware updates:

Update the firmware to a version that implements code signing Disable the Remote Firmware Update

The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates.

Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows.

Browse to www.hp.com/go/support then:

Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware"

HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0173",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "color mfp cm8060",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cm4730",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hp",
        "version": "mfp"
      },
      {
        "model": "laserjet p4015",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise p3015",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "digital sender 9250c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cp3525",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet p4515",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet 9040",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet 4250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet m3035",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cm6030",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 3800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cm4540",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "mfp"
      },
      {
        "model": "color laserjet 4730",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "mfp"
      },
      {
        "model": "laserjet 5200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise 600",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "m602"
      },
      {
        "model": "laserjet m9050",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise m4555",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "mfp"
      },
      {
        "model": "laserjet 9050",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cp5525",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet m5035",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "digital sender 9200c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet 4345 mfp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise 600",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "m603"
      },
      {
        "model": "color laserjet cp6015",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cp3505",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise 600",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "m601"
      },
      {
        "model": "color laserjet enterprise cp4520",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet enterprise cp4525",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 9500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet enterprise 500 color",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "m551"
      },
      {
        "model": "color laserjet cm6040",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet p4014",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 4700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 4730 mfp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet p3005",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet 5550",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet m9040",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet 4240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cp4005",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "laserjet 4350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet cm3530",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "color laserjet enterprise cp4525",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4520",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp6015",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp5525",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp3525",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cm6040",
        "scope": null,
        "trust": 0.9,
        "vendor": "hp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp cm8060 color mfp with edgeline",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 3800",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 4700",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 4730 mfp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 5550",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet 9500",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cm3530",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cm4540 mfp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cm4730 mfp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cm6030",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cm6040",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cp3505",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cp3525",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cp4005",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cp5525",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet cp6015",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet enterprise cp4520",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp color laserjet enterprise cp4525",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp digital sender 9200c",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp digital sender 9250c",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 4240",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 4250",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 4345 mfp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 4350",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 5200",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 9040",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet 9050",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet enterprise 500 color m551",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet enterprise 600",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "m601"
      },
      {
        "model": "hp laserjet enterprise 600",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "m602"
      },
      {
        "model": "hp laserjet enterprise 600",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "m603"
      },
      {
        "model": "hp laserjet enterprise m4555 mfp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet enterprise p3015",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet m3035",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet m5035",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet m9040",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet m9050",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet p3005",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet p4014",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet p4015",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp laserjet p4515",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "color laserjet cp4005",
        "scope": null,
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp3505",
        "scope": null,
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "topshot laserjet pro m275",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet professional cp5225 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro p1606dn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro p1102",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro m1536 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro m1212nf multifunction printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro m1136 multifunction printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro cp1525 color printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro cp1025 color printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro cm1415 color multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro mfp color m475",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4000"
      },
      {
        "model": "laserjet pro color m451",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4000"
      },
      {
        "model": "laserjet pro color mfp m375",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3000"
      },
      {
        "model": "laserjet pro color m351",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3000"
      },
      {
        "model": "laserjet pro color mfp m175",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1000"
      },
      {
        "model": "laserjet p4515",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p4015",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p4014",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p3005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p2055",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p2035",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p1500 printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m9040",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m5035 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m5025 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m4345x mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3027",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m2727 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m1522 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m1319 multifunction printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m1120 multifunction printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m4555",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet enterprise m4555 mfp",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet enterprise m603",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "laserjet enterprise m602",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "laserjet enterprise m601",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "laserjet enterprise color m551",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "laserjet mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "90500"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "90500"
      },
      {
        "model": "laserjet 9040mpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "90400"
      },
      {
        "model": "laserjet 5200n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet 5200l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43500"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4350"
      },
      {
        "model": "laserjet mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43450"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42500"
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42400"
      },
      {
        "model": "laserjet m9050",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet m5035",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5200"
      },
      {
        "model": "ds9250c digital sender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "digital sender 9200c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "digital sender 9250c",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet enterprise cm4540",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp6015",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp5525",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp4005n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp3525 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.031.4"
      },
      {
        "model": "color laserjet cp3525 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "05.059.3"
      },
      {
        "model": "color laserjet cp3525 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "05.058.4"
      },
      {
        "model": "color laserjet cp3505",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp2025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp1510",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cp1210 printer series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm6040",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm6030",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm4730 mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm3530",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm2320 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm1312 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet 9500mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5550"
      },
      {
        "model": "color laserjet mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "47300"
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "47000"
      },
      {
        "model": "color laserjet 3800n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet 3000n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "28000"
      },
      {
        "model": "color laserjet cm1312nfi",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9500"
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3000"
      },
      {
        "model": "cm8060 color mfp with edgeline",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "BID",
        "id": "50876"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:hp:color_mfp_cm8060",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_3000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_3800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_4700",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_4730_mfp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_5550",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_9500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cm3530",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cm4540",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cm4730",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cm6030",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cm6040",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cp3505",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cp3525",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cp4005",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cp5525",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_cp6015",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_enterprise_cp4520",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:color_laserjet_enterprise_cp4525",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:digital_sender_9200c",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:digital_sender_9250c",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_4240",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_4250",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_4345_mfp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_4350",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_5200",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_9040",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_9050",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_enterprise_500_color",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_enterprise_600",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_enterprise_m4555",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_enterprise_p3015",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_m3035",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_m5035",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_m9040",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_m9050",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_p3005",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_p4014",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_p4015",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:hp:laserjet_p4515",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "db": "PACKETSTORM",
        "id": "112220"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2011-4161",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4161",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 6.2,
            "exploitability": "FUNCTIONAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4161",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4161",
            "trust": 1.6,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4161",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-528",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03102449\nVersion: 3\n\nHPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-11-30\nLast Updated: 2012-01-09\n\nPotential Security Impact: Remote firmware update enabled by default\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP printers and HP digital senders. \n\nReferences: CVE-2011-4161\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. \n\nRESOLUTION\nThe following steps can be taken to avoid unauthorized firmware updates:\n\nUpdate the firmware to a version that implements code signing\nDisable the Remote Firmware Update\n\nThe code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. \n\nNote: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. \n\nBrowse to www.hp.com/go/support then:\n\nSelect \"Drivers \u0026 Software\"\nEnter the product name listed in the table above into the search field\nClick on \"Search\"\nIf the search returns a list of products click on the appropriate product\nUnder \"Select operating system\" click on \"Cross operating system (BIOS, Firmware, Diagnostics, etc.)\"\nIf the \"Cross operating system ...\" link is not present, select any Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\"\n\nHISTORY\nVersion:1 (rev.1) - 30 November 2011 Initial release\nVersion:2 (rev.2) - 23 December 2011 Code signing firmware available\nVersion:3 (rev.3) - 9 January 2012 Combined tables\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU\nVnkAoO9oPSjyrVB07qLIBpcXALxLRRRg\n=mXzy\n-----END PGP SIGNATURE-----\n. However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      },
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "BID",
        "id": "50876"
      },
      {
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "db": "PACKETSTORM",
        "id": "112220"
      }
    ],
    "trust": 3.15
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/717921",
        "trust": 0.8,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4161",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#717921",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "47063",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "51324",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1026357",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "19500",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18263",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[DAILYDAVE] 20111130 THE VAMPIRE DIARIES",
        "trust": 0.6
      },
      {
        "db": "HP",
        "id": "HPSBPI02728",
        "trust": 0.6
      },
      {
        "db": "HP",
        "id": "SSRT100692",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "50876",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "108233",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108485",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109909",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "107448",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112220",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "BID",
        "id": "50876"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "db": "PACKETSTORM",
        "id": "112220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "id": "VAR-201112-0173",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3952421011111111
  },
  "last_update_date": "2024-11-29T23:07:06.630000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HP Imaging and Printing Security Best Practices",
        "trust": 0.8,
        "url": "http://h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf"
      },
      {
        "title": "HPSBPI02728 SSRT100692",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c03102449"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03102449"
      },
      {
        "trust": 1.9,
        "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/cert/jvnvu717921/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-november/000378.html"
      },
      {
        "trust": 1.6,
        "url": "http://isc.sans.org/diary/hacking+hp+printers+for+fun+and+profit/12112"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/47063"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/51324"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id?1026357"
      },
      {
        "trust": 1.0,
        "url": "http://www.kb.cert.org/vuls/id/717921"
      },
      {
        "trust": 0.9,
        "url": "http://h71028.www7.hp.com/enterprise/downloads/hp-imaging10.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03102449\u0026jumpid=em_alerts_us-us_dec11_xbu_all_all_1514802_101529_printersandmultifunctionscanners-copiers-faxes_critical_000_0"
      },
      {
        "trust": 0.8,
        "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03102449-6"
      },
      {
        "trust": 0.8,
        "url": "http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4161"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4161"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4161"
      },
      {
        "trust": 0.6,
        "url": "http://www.hp.com/go/secureprinting"
      },
      {
        "trust": 0.6,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/19500"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18263"
      },
      {
        "trust": 0.5,
        "url": "https://www.hp.com/go/support"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03154309"
      },
      {
        "trust": 0.3,
        "url": "http://www.hp.com/"
      },
      {
        "trust": 0.3,
        "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03102449\u0026ac.admitted=1329506517580.876444892.492883150"
      },
      {
        "trust": 0.3,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03102449\u0026ac.admitted=1332174200510.876444892.199480143"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/521693"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03154309\u0026jumpid=em_alerts_us-us_jan12_xbu_all_all_1590794_104946_printersandmultifunctionscanners-copiers-faxes_routine_002_1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "BID",
        "id": "50876"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "db": "PACKETSTORM",
        "id": "112220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "db": "BID",
        "id": "50876"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "db": "PACKETSTORM",
        "id": "112220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "BID",
        "id": "50876"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "date": "2011-12-29T23:29:31",
        "db": "PACKETSTORM",
        "id": "108233"
      },
      {
        "date": "2012-01-09T20:58:54",
        "db": "PACKETSTORM",
        "id": "108485"
      },
      {
        "date": "2012-03-19T22:42:32",
        "db": "PACKETSTORM",
        "id": "110973"
      },
      {
        "date": "2012-02-18T03:14:17",
        "db": "PACKETSTORM",
        "id": "109909"
      },
      {
        "date": "2011-12-01T21:32:32",
        "db": "PACKETSTORM",
        "id": "107448"
      },
      {
        "date": "2012-04-26T22:31:50",
        "db": "PACKETSTORM",
        "id": "112220"
      },
      {
        "date": "2011-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "date": "2011-12-01T21:55:00.707000",
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#717921"
      },
      {
        "date": "2014-01-25T08:48:00",
        "db": "BID",
        "id": "50876"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003178"
      },
      {
        "date": "2011-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      },
      {
        "date": "2024-11-21T01:31:57.317000",
        "db": "NVD",
        "id": "CVE-2011-4161"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hewlett-Packard printers and scanner devices allow remote unautheticated firmware updates",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#717921"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-528"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-4161 (GCVE-0-2011-4161)

Vulnerability from cvelistv5

ghsa-vv8q-r8fx-pgjx

Vulnerability from github

CERTA-2012-AVI-236

Vulnerability from certfr_avis

Solution

fkie_cve-2011-4161

Vulnerability from fkie_nvd

gsd-2011-4161

Vulnerability from gsd

var-201112-0173

Vulnerability from variot

Tags

Sightings

Nomenclature