CVE Vulnerabilities

CVE-2011-4161

Published: Dec 01, 2011 | Modified: Sep 18, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Affected Software

Name Vendor Start Version End Version
Color_laserjet_enterprise_cp4520 Hp * *
Laserjet_m5035 Hp * *
Laserjet_enterprise_600 Hp m603 m603
Laserjet_4250 Hp * *
Color_laserjet_cp3505 Hp * *
Color_laserjet_4730 Hp mfp mfp
Color_laserjet_enterprise_cp4525 Hp * *
Laserjet_p3005 Hp * *
Laserjet_m9050 Hp * *
Laserjet_5200 Hp * *
Color_laserjet_4700 Hp * *
Color_laserjet_cm3530 Hp * *
Color_laserjet_cm4730 Hp mfp mfp
Laserjet_9050 Hp * *
Laserjet_p4015 Hp * *
Color_laserjet_cp3525 Hp * *
Laserjet_p4014 Hp * *
Color_laserjet_3800 Hp * *
Laserjet_enterprise_600 Hp m602 m602
Color_laserjet_cp5525 Hp * *
Color_laserjet_cm6030 Hp * *
Laserjet_m9040 Hp * *
Laserjet_9040 Hp * *
Color_laserjet_4730_mfp Hp * *
Color_laserjet_5550 Hp * *
Laserjet_p4515 Hp * *
Laserjet_enterprise_600 Hp m601 m601
Color_laserjet_9500 Hp * *
Color_laserjet_cm4540 Hp mfp mfp
Digital_sender_9250c Hp * *
Color_laserjet_3000 Hp * *
Digital_sender_9200c Hp * *
Laserjet_enterprise_500_color Hp m551 m551
Color_laserjet_cm6040 Hp * *
Laserjet_m3035 Hp * *
Laserjet_enterprise_p3015 Hp * *
Color_mfp_cm8060 Hp - -
Laserjet_4350 Hp * *
Laserjet_4240 Hp * *
Color_laserjet_cp6015 Hp * *
Laserjet_enterprise_m4555 Hp mfp mfp
Laserjet_4345_mfp Hp * *
Color_laserjet_cp4005 Hp * *

References