search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

HP LaserJet Professional printer telnet debug shell vulnerability

Vulnerability Note VU#782451

Original Release Date: 2013-03-11 | Last Revised: 2013-03-11

Overview

Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

Description

Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

For additional vulnerability information and a list of affected devices see HP Security Bulletin HPSBPI02851 SSRT101078.

Impact

A remote unauthenticated attacker can connect to the telnet debug shell and gain unauthorized access to data.

Solution

Update

HP has provided updated printer firmware to resolve this issue. Firmware download information can be found in HP Security Bulletin HPSBPI02851 SSRT101078.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information

782451
 
Expand all

Hewlett-Packard Company Affected

Notified:  January 09, 2013 Updated: March 08, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 8.8 AV:N/AC:M/Au:N/C:N/I:C/A:C
Temporal 6.2 E:POC/RL:OF/RC:UC
Environmental 1.6 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03684249

Acknowledgements

Thanks to Christoph von Wittich of Hentschke Bau GmbH for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-5215
Date Public: 2013-03-06
Date First Published: 2013-03-11
Date Last Updated: 2013-03-11 12:39 UTC
Document Revision: 8

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis