Vulnerability Note VU#782451

HP LaserJet Professional printer telnet debug shell vulnerability

Original Release date: 11 Mar 2013 | Last revised: 11 Mar 2013

Overview

Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

Description

Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

For additional vulnerability information and a list of affected devices see HP Security Bulletin HPSBPI02851 SSRT101078.

Impact

A remote unauthenticated attacker can connect to the telnet debug shell and gain unauthorized access to data.

Solution

Update

HP has provided updated printer firmware to resolve this issue. Firmware download information can be found in HP Security Bulletin HPSBPI02851 SSRT101078.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected09 Jan 201308 Mar 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 8.8 AV:N/AC:M/Au:N/C:N/I:C/A:C
Temporal 6.2 E:POC/RL:OF/RC:UC
Environmental 1.6 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Christoph von Wittich of Hentschke Bau GmbH for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2012-5215
  • Date Public: 06 Mar 2013
  • Date First Published: 11 Mar 2013
  • Date Last Updated: 11 Mar 2013
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.