CVE-2010-4107
Last modified
CVE-2010-4107 is a vulnerability of currently unknown severity. The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.. EPSS estimates a 13.13% chance of exploitation in the next 30 days.
Description
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hp | 9000 | All versions |
| Hp | Color Laserjet Mfp | All versions |
| Hp | Laserjet 4100 | All versions |
| Hp | Laserjet 4200 | All versions |
| Hp | Laserjet 4300 | All versions |
| Hp | Laserjet 5100 | All versions |
| Hp | Laserjet 8150 | All versions |
| Hp | Laserjet Mfp | All versions |
References
- http://secunia.com/advisories/42238Vendor Advisory
- http://www.vupen.com/english/advisories/2010/2987Vendor Advisory
- http://secunia.com/advisories/42238Vendor Advisory
- http://www.vupen.com/english/advisories/2010/2987Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-4107?
How severe is CVE-2010-4107?
How do I fix CVE-2010-4107?
Are you affected by CVE-2010-4107?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST