CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2011-4161

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Publish Date : 2011-12-01 Last Update Date : 2012-09-17

- CVSS Scores & Vulnerability Types

CVSS Score: 10.0
Confidentiality Impact: Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact: Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact: Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Execute Code
CWE ID: 264

- Products Affected By CVE-2011-4161

# Product Type Vendor Product Version Update Edition Language
1 Hardware HP Color Laserjet 3000
2 Hardware HP Color Laserjet 3800
3 Hardware HP Color Laserjet 4700
4 Hardware HP Color Laserjet 4730 MFP
5 Hardware HP Color Laserjet 4730 Mfp
6 Hardware HP Color Laserjet 5550
7 Hardware HP Color Laserjet 9500
8 Hardware HP Color Laserjet Cm3530
9 Hardware HP Color Laserjet Cm4540 MFP
10 Hardware HP Color Laserjet Cm4730 MFP
11 Hardware HP Color Laserjet Cm6030
12 Hardware HP Color Laserjet Cm6040
13 Hardware HP Color Laserjet Cp3505
14 Hardware HP Color Laserjet Cp3525
15 Hardware HP Color Laserjet Cp4005
16 Hardware HP Color Laserjet Cp5525
17 Hardware HP Color Laserjet Cp6015
18 Hardware HP Color Laserjet Enterprise Cp4520
19 Hardware HP Color Laserjet Enterprise Cp4525
20 Hardware HP Color Mfp Cm8060 - - Edgeline
21 Hardware HP Digital Sender 9200c
22 Hardware HP Digital Sender 9250c
23 Hardware HP Laserjet 4240
24 Hardware HP Laserjet 4250
25 Hardware HP Laserjet 4345 Mfp
26 Hardware HP Laserjet 4350
27 Hardware HP Laserjet 5200
28 Hardware HP Laserjet 9040
29 Hardware HP Laserjet 9050
30 Hardware HP Laserjet Enterprise 500 Color M551
31 Hardware HP Laserjet Enterprise 600 M601
32 Hardware HP Laserjet Enterprise 600 M602
33 Hardware HP Laserjet Enterprise 600 M603
34 Hardware HP Laserjet Enterprise M4555 MFP
35 Hardware HP Laserjet Enterprise P3015
36 Hardware HP Laserjet M3035
37 Hardware HP Laserjet M5035
38 Hardware HP Laserjet M9040
39 Hardware HP Laserjet M9050
40 Hardware HP Laserjet P3005
41 Hardware HP Laserjet P4014
42 Hardware HP Laserjet P4015
43 Hardware HP Laserjet P4515

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
HP Color Laserjet 3000 1
HP Color Laserjet 3800 1
HP Color Laserjet 4700 1
HP Color Laserjet 4730 1
HP Color Laserjet 4730 Mfp 1
HP Color Laserjet 5550 1
HP Color Laserjet 9500 1
HP Color Laserjet Cm3530 1
HP Color Laserjet Cm4540 1
HP Color Laserjet Cm4730 1
HP Color Laserjet Cm6030 1
HP Color Laserjet Cm6040 1
HP Color Laserjet Cp3505 1
HP Color Laserjet Cp3525 1
HP Color Laserjet Cp4005 1
HP Color Laserjet Cp5525 1
HP Color Laserjet Cp6015 1
HP Color Laserjet Enterprise Cp4520 1
HP Color Laserjet Enterprise Cp4525 1
HP Color Mfp Cm8060 1
HP Digital Sender 9200c 1
HP Digital Sender 9250c 1
HP Laserjet 4240 1
HP Laserjet 4250 1
HP Laserjet 4345 Mfp 1
HP Laserjet 4350 1
HP Laserjet 5200 1
HP Laserjet 9040 1
HP Laserjet 9050 1
HP Laserjet Enterprise 500 Color 1
HP Laserjet Enterprise 600 3
HP Laserjet Enterprise M4555 1
HP Laserjet Enterprise P3015 1
HP Laserjet M3035 1
HP Laserjet M5035 1
HP Laserjet M9040 1
HP Laserjet M9050 1
HP Laserjet P3005 1
HP Laserjet P4014 1
HP Laserjet P4015 1
HP Laserjet P4515 1

- References For CVE-2011-4161

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
HP SSRT100692
http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
http://www.securityfocus.com/bid/51324
BID 51324 RETIRED: HP Printers and HP Digital Sender Firmware Update Remote Code Execution Vulnerability Release Date:2012-02-17
http://secunia.com/advisories/47063
SECUNIA 47063
http://www.kb.cert.org/vuls/id/717921
CERT-VN VU#717921
http://www.securitytracker.com/id?1026357
SECTRACK 1026357
https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
MLIST [dailydave] 20111130 The Vampire Diaries

- Metasploit Modules Related To CVE-2011-4161

There are no Metasploit modules related to this vulnerability (visit www.metasploit.com for more information).

