{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-02T10:00:00", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "VU#717921", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/717921"}, {"name": "HPSBPI02728", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"}, {"name": "SSRT100692", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"tags": ["x_refsource_MISC"], "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"}, {"name": "47063", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47063"}, {"name": "1026357", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026357"}, {"name": "51324", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51324"}, {"name": "[dailydave] 20111130 The Vampire Diaries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2011-4161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#717921", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/717921"}, {"name": "HPSBPI02728", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112", "refsource": "MISC", "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"}, {"name": "SSRT100692", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say", "refsource": "MISC", "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"}, {"name": "47063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47063"}, {"name": "1026357", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026357"}, {"name": "51324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51324"}, {"name": "[dailydave] 20111130 The Vampire Diaries", "refsource": "MLIST", "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:50.473Z"}, "title": "CVE Program Container", "references": [{"name": "VU#717921", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/717921"}, {"name": "HPSBPI02728", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"}, {"name": "SSRT100692", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"}, {"name": "47063", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47063"}, {"name": "1026357", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1026357"}, {"name": "51324", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51324"}, {"name": "[dailydave] 20111130 The Vampire Diaries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2011-4161", "datePublished": "2011-12-01T21:00:00", "dateReserved": "2011-10-21T00:00:00", "dateUpdated": "2024-08-07T00:01:50.473Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*", "matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*", "matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*", "matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*", "matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*", "matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*", "matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*", "matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*", "matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*", "matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*", "matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*", "matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*", "matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*", "matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*", "matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*", "matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*", "matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*", "matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*", "matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*", "matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*", "matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*", "matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*", "matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*", "matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B", "vulnerable": true}, {"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."}], "id": "CVE-2011-4161", "lastModified": "2012-09-18T03:28:13.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-01T21:55:00.707", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"}, {"source": "hp-security-alert@hp.com", "url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"}, {"source": "hp-security-alert@hp.com", "url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"}, {"source": "hp-security-alert@hp.com", "url": "http://secunia.com/advisories/47063"}, {"source": "hp-security-alert@hp.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/717921"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/bid/51324"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securitytracker.com/id?1026357"}, {"source": "hp-security-alert@hp.com", "url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}