CVE-2011-4161

Severity: Unknown | EPSS: 13.95%

CVE-2011-4161 is a vulnerability of currently unknown severity. The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. EPSS estimates a 13.95% chance of exploitation in the next 30 days.

Description

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Metrics

EPSS Probability: 13.95% (96.1th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Hp | Color Laserjet 3000 | All versions |
| Hp | Color Laserjet 3800 | All versions |
| Hp | Color Laserjet 4700 | All versions |
| Hp | Color Laserjet 4730 | mfp |
| Hp | Color Laserjet 4730 Mfp | All versions |
| Hp | Color Laserjet 5550 | All versions |
| Hp | Color Laserjet 9500 | All versions |
| Hp | Color Laserjet Cm3530 | All versions |
| Hp | Color Laserjet Cm4540 | mfp |
| Hp | Color Laserjet Cm4730 | mfp |
| Hp | Color Laserjet Cm6030 | All versions |
| Hp | Color Laserjet Cm6040 | All versions |
| Hp | Color Laserjet Cp3505 | All versions |
| Hp | Color Laserjet Cp3525 | All versions |
| Hp | Color Laserjet Cp4005 | All versions |
| Hp | Color Laserjet Cp5525 | All versions |
| Hp | Color Laserjet Cp6015 | All versions |
| Hp | Color Laserjet Enterprise Cp4520 | All versions |
| Hp | Color Laserjet Enterprise Cp4525 | All versions |
| Hp | Color Mfp Cm8060 | All versions |
| Hp | Digital Sender 9200c | All versions |
| Hp | Digital Sender 9250c | All versions |
| Hp | Laserjet 4240 | All versions |
| Hp | Laserjet 4250 | All versions |
| Hp | Laserjet 4345 Mfp | All versions |
| Hp | Laserjet 4350 | All versions |
| Hp | Laserjet 5200 | All versions |
| Hp | Laserjet 9040 | All versions |
| Hp | Laserjet 9050 | All versions |
| Hp | Laserjet Enterprise 500 Color | m551 |
| Hp | Laserjet Enterprise 600 | m601 |
| Hp | Laserjet Enterprise 600 | m602 |
| Hp | Laserjet Enterprise 600 | m603 |
| Hp | Laserjet Enterprise M4555 | mfp |
| Hp | Laserjet Enterprise P3015 | All versions |
| Hp | Laserjet M3035 | All versions |
| Hp | Laserjet M5035 | All versions |
| Hp | Laserjet M9040 | All versions |
| Hp | Laserjet M9050 | All versions |
| Hp | Laserjet P3005 | All versions |
| Hp | Laserjet P4014 | All versions |
| Hp | Laserjet P4015 | All versions |
| Hp | Laserjet P4515 | All versions |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2011-4161?
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
How severe is CVE-2011-4161?
Severity scoring for CVE-2011-4161 is pending analysis. The EPSS model estimates a 13.95% probability of exploitation in the next 30 days.
How do I fix CVE-2011-4161?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST