CVE-2010-4107: Path Traversal
First published: Wed Nov 17 2010(Updated: )
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP LaserJet 4200dtn | ||
| HP LaserJet 4100 MFP | ||
| HP Color LaserJet MFP | ||
| HP LaserJet MFP | ||
| HP 9000 | ||
| HP LaserJet 5100 | ||
| HP LaserJet 8150dn | ||
| HP LaserJet 4300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/2987
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333
- http://secunia.com/advisories/42238
- http://securitytracker.com/id?1024741
- http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf
- http://www.securityfocus.com/bid/44882
- http://www.exploit-db.com/exploits/15631
- http://securityreason.com/securityalert/8328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63261
Frequently Asked Questions
What is the severity of CVE-2010-4107?
CVE-2010-4107 has a significant severity rating as it allows unauthorized access to the device's filesystem.
How do I fix CVE-2010-4107?
To fix CVE-2010-4107, modify the PJL Access settings in your HP LaserJet printer to restrict filesystem access.
What devices are affected by CVE-2010-4107?
CVE-2010-4107 affects several HP LaserJet models including the 4100, 4200, 4300, 5100, 8150, and 9000 series printers.
Can CVE-2010-4107 be exploited remotely?
Yes, CVE-2010-4107 can be exploited remotely by attackers leveraging the default configuration of the PJL Access settings.
What type of attack can result from CVE-2010-4107?
CVE-2010-4107 can lead to unauthorized access and manipulation of files stored in the filesystem of affected HP printers.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp laserjet 4200dtn
- canonical/hp laserjet 4100 mfp
- canonical/hp color laserjet mfp
- canonical/hp laserjet mfp
- canonical/hp 9000
- canonical/hp laserjet 5100
- canonical/hp laserjet 8150dn
- canonical/hp laserjet 4300