Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2011-4161

Published: Dec 01, 2011 | Modified: Sep 18, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2011-4161
CWEhttps://cwe.mitre.org/data/definitions/264.html

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Affected Software

Name Vendor Start Version End Version
Color_laserjet_3000 Hp * *
Color_laserjet_3800 Hp * *
Color_laserjet_4700 Hp * *
Color_laserjet_4730 Hp mfp (including) mfp (including)
Color_laserjet_4730_mfp Hp * *
Color_laserjet_5550 Hp * *
Color_laserjet_9500 Hp * *
Color_laserjet_cm3530 Hp * *
Color_laserjet_cm4540 Hp mfp (including) mfp (including)
Color_laserjet_cm4730 Hp mfp (including) mfp (including)
Color_laserjet_cm6030 Hp * *
Color_laserjet_cm6040 Hp * *
Color_laserjet_cp3505 Hp * *
Color_laserjet_cp3525 Hp * *
Color_laserjet_cp4005 Hp * *
Color_laserjet_cp5525 Hp * *
Color_laserjet_cp6015 Hp * *
Color_laserjet_enterprise_cp4520 Hp * *
Color_laserjet_enterprise_cp4525 Hp * *
Color_mfp_cm8060 Hp - (including) - (including)
Digital_sender_9200c Hp * *
Digital_sender_9250c Hp * *
Laserjet_4240 Hp * *
Laserjet_4250 Hp * *
Laserjet_4345_mfp Hp * *
Laserjet_4350 Hp * *
Laserjet_5200 Hp * *
Laserjet_9040 Hp * *
Laserjet_9050 Hp * *
Laserjet_enterprise_500_color Hp m551 (including) m551 (including)
Laserjet_enterprise_600 Hp m601 (including) m601 (including)
Laserjet_enterprise_600 Hp m602 (including) m602 (including)
Laserjet_enterprise_600 Hp m603 (including) m603 (including)
Laserjet_enterprise_m4555 Hp mfp (including) mfp (including)
Laserjet_enterprise_p3015 Hp * *
Laserjet_m3035 Hp * *
Laserjet_m5035 Hp * *
Laserjet_m9040 Hp * *
Laserjet_m9050 Hp * *
Laserjet_p3005 Hp * *
Laserjet_p4014 Hp * *
Laserjet_p4015 Hp * *
Laserjet_p4515 Hp * *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use