| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in HP LaserJet and classified as problematic. This affects an unknown function. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2012-5221. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability classified as problematic was found in HP LaserJet. The affected code is unknown. Manipulation with an unknown input leads to an information disclosure vulnerability. CWE classifies the issue as CWE-200: the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This impacts confidentiality. CVE summarizes:
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
The weakness was disclosed on 04/25/2013 by Andrei Costin (iDefense) with iDEFENSE as bulletin c03744742 (status: not defined; website) via iDefense. The advisory is available for download at h20000.www2.hp.com. The vendor cooperated in coordinating the public release. The vulnerability has been identified as CVE-2012-5221 since 10/01/2012. Exploitation is reported to be easy. The attack can be launched remotely and requires no authentication. Technical details are unknown, but a private exploit is available. The MITRE ATT&CK project lists the attack technique as T1592.
Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (83817), SecurityFocus (BID 59511), OSVDB (92790), Secunia (SA53220) and Vulnerability Center (SBV-39744). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Affected
- HP Color LaserJet 3000 Series
- HP Color LaserJet 3800 Series
- HP Color LaserJet 4700 Series
- HP Color LaserJet 4730 Series
- HP Color LaserJet 5550 Series
- HP Color LaserJet 9500 Series
- HP Color LaserJet CM6030/CM6040 MFP Series
- HP Color LaserJet CP3505 Series
- HP Color LaserJet CP3525 Series
- HP Color LaserJet CP4005 Series
- HP Color LaserJet CP4025 / CP 4525 Series
- HP Color LaserJet CP6015
- HP LaserJet 4240 / 4250 / 4340 Series
- HP LaserJet 4345 Series
- HP LaserJet 4350 Series
- HP LaserJet 5200 Series
- HP LaserJet 9040 / 9050 Series
- HP LaserJet M3027/3035 MFP
- HP LaserJet M4345 Multifunction Printer series
- HP LaserJet M5025/5035 MFP
- HP LaserJet M5035 MFP Series
- HP LaserJet M9040/M9050 Multifunction Printer series
- HP LaserJet P3005 Series
- HP LaserJet P3015 Series
- HP LaserJet P4014
- HP LaserJet P4015
- HP LaserJet P4515
Product
Vendor
Name
Version
- C8549a
- Cb414a
- Cb416a
- Cb425a
- Cb442a
- Cb480a
- Cb503a
- Cb507a
- Cb509a
- Cb514a
- Cc394a
- Cc395a
- Cc469a
- Cc490a
- Cc493a
- Cc519a
- Ce526a
- Ce664a
- Q3714a
- Q3721a
- Q3932a
- Q3939a
- Q3942a
- Q5400a
- Q5407a
- Q5981a
- Q7492a
- Q7534a
- Q7543a
- Q7697a
- Q7785a
- Q7812a
- Q7829a
- Q7840a
License
Website
- Vendor: https://www.hp.com/
CVSSv3
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.6
VulDB Base Score: 5.3
VulDB Temp Score: 4.6
Exploiting
Class: Information disclosure
CWE: CWE-200 / CWE-284 / CWE-266
Physical: No
Local: No
Remote: Yes
Access: Private
Status: Unproven
Countermeasures
Recommended: Upgrade
Timeline
10/01/2012
04/25/2013
04/25/2013
04/25/2013
04/26/2013
04/26/2013
04/29/2013
05/03/2013
05/28/2013
05/01/2017
Sources
Vendor: hp.com
Advisory: c03744742
Researcher: Andrei Costin (iDefense)
Organization: iDEFENSE
Status: Not defined
CVE: CVE-2012-5221
GCVE (CVE): GCVE-0-2012-5221
GCVE (VulDB): GCVE-100-8544
X-Force: 83817
SecurityFocus: 59511 - Multiple HP LaserJet Printers CVE-2012-5221 Unspecified Information Disclosure Vulnerability
Secunia: 53220 - HP LaserJet Printers PostScript Interpreter Security Bypass Vulnerability, Less Critical
OSVDB: 92790
Vulnerability Center: 39744 - HP LaserJet Unspecified Vulnerability Allows Remote Arbitrary Files Access via Unknown Vector, Medium
Entry
Created: 05/03/2013 16:24
Updated: 05/01/2017 11:12
Changes: 05/03/2013 16:24 (71), 05/01/2017 11:12 (5)