CVE-2011-4161
First published: Thu Dec 01 2011(Updated: )
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Color LaserJet Enterprise CP4520 | ||
| HP LaserJet m5035 MFP | ||
| HP LaserJet Enterprise 600 | =m603 | |
| HP LaserJet 4250n | ||
| HP Color LaserJet CP3505 | ||
| HP Color LaserJet 4730 MFP | =mfp | |
| HP Color LaserJet Enterprise CP4525 | ||
| HP LaserJet P3005n | ||
| HP LaserJet M9050 Multifunction Printer | ||
| HP LaserJet 5200n | ||
| HP Color LaserJet 4700 | ||
| HP Color LaserJet M3530 Multifunction Printer | ||
| HP Color LaserJet 4730 | =mfp | |
| HP LaserJet 9050 MFP | ||
| HP LaserJet p4014 | ||
| Hp Color Laserjet Cp3525 Printer | ||
| HP LaserJet P4014 | ||
| HP Color LaserJet 3800 | ||
| HP LaserJet Enterprise 600 | =m602 | |
| HP Color LaserJet CP5525 Firmware | ||
| HP Color LaserJet cm6030 mfp | ||
| HP LaserJet 9040 MFP | ||
| HP LaserJet 9040 MFP | ||
| HP Color LaserJet 4730 MFP | ||
| HP Color LaserJet 5550 | ||
| HP LaserJet P4515 | ||
| HP LaserJet Enterprise 600 | =m601 | |
| HP Color LaserJet 9500 MFP | ||
| HP Color LaserJet CM4540 MFP CC421A | =mfp | |
| HP Digital Sender | ||
| HP Color LaserJet 3000 | ||
| HP Digital Sender | ||
| HP LaserJet Enterprise 500 color mfp m575 | =m551 | |
| HP Color LaserJet CM6040 | ||
| HP LaserJet m3035 MFP | ||
| HP LaserJet P3015 | ||
| HP Color MFP CM8060 | ||
| HP LaserJet 4350n | ||
| HP LaserJet 4240n | ||
| HP Color LaserJet cp6015 | ||
| HP LaserJet Enterprise m4555 MFP CE503A | =mfp | |
| HP LaserJet m4345x MFP | ||
| HP Color LaserJet CP4005n |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
- http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
- http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://www.securityfocus.com/bid/51324
- http://www.kb.cert.org/vuls/id/717921
- http://www.securitytracker.com/id?1026357
- http://secunia.com/advisories/47063
Frequently Asked Questions
What is the severity of CVE-2011-4161?
CVE-2011-4161 has a medium severity rating due to potential remote exploitation by attackers.
How do I fix CVE-2011-4161?
To mitigate CVE-2011-4161, users should apply firmware updates provided by HP for the affected printer models.
Which devices are impacted by CVE-2011-4161?
CVE-2011-4161 affects various models of HP Color LaserJet and Digital Sender products.
What are the potential risks associated with CVE-2011-4161?
The risks of CVE-2011-4161 include unauthorized access and potential compromise of sensitive data through open network ports.
Can CVE-2011-4161 be exploited remotely?
Yes, CVE-2011-4161 can be exploited remotely if the affected printer models are accessible over the network.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp color laserjet enterprise cp4520
- canonical/hp laserjet m5035 mfp
- canonical/hp laserjet enterprise 600
- version/hp laserjet enterprise 600/m603
- canonical/hp laserjet 4250n
- canonical/hp color laserjet cp3505
- canonical/hp color laserjet 4730 mfp
- version/hp color laserjet 4730 mfp/mfp
- canonical/hp color laserjet enterprise cp4525
- canonical/hp laserjet p3005n
- canonical/hp laserjet m9050 multifunction printer
- canonical/hp laserjet 5200n
- canonical/hp color laserjet 4700
- canonical/hp color laserjet m3530 multifunction printer
- canonical/hp color laserjet 4730
- version/hp color laserjet 4730/mfp
- canonical/hp laserjet 9050 mfp
- canonical/hp laserjet p4014
- canonical/hp color laserjet cp3525 printer
- canonical/hp color laserjet 3800
- version/hp laserjet enterprise 600/m602
- canonical/hp color laserjet cp5525 firmware
- canonical/hp color laserjet cm6030 mfp
- canonical/hp laserjet 9040 mfp
- canonical/hp color laserjet 5550
- canonical/hp laserjet p4515
- version/hp laserjet enterprise 600/m601
- canonical/hp color laserjet 9500 mfp
- canonical/hp color laserjet cm4540 mfp cc421a
- version/hp color laserjet cm4540 mfp cc421a/mfp
- canonical/hp digital sender
- canonical/hp color laserjet 3000
- canonical/hp laserjet enterprise 500 color mfp m575
- version/hp laserjet enterprise 500 color mfp m575/m551
- canonical/hp color laserjet cm6040
- canonical/hp laserjet m3035 mfp
- canonical/hp laserjet p3015
- canonical/hp color mfp cm8060
- canonical/hp laserjet 4350n
- canonical/hp laserjet 4240n
- canonical/hp color laserjet cp6015
- canonical/hp laserjet enterprise m4555 mfp ce503a
- version/hp laserjet enterprise m4555 mfp ce503a/mfp
- canonical/hp laserjet m4345x mfp
- canonical/hp color laserjet cp4005n