Vulnerability Details : CVE-2012-5221
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
Vulnerability category: Directory traversal
Products affected by CVE-2012-5221
- cpe:2.3:h:hp:laserjet_9050:q7697a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_4250:q5400a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_4350:q5407a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_9040:q7697a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_5550:q3714a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_4700:q7492a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_4345_mfp:q3942a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_9050_mfp:q3721a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_p3005:q7812a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_p4014:cb507a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_p4015:cb509a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_4240:q7785a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_5200n:q7543a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_9040_mfp:q3721a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cp6015:q3932a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m9040_mpf:cc394a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_m9050_mpf:cc395a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_p4515:cb514a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cp3505:cb442a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_3000:q7534a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_3800:q5981a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cp3525:cc469a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cp4005:cb503a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:digital_sender_9250c:cb472a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cm6030_mfp:ce664a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_cm6040_mfp:q3939a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_enterprise_cp4025:cc490a:*:*:*:*:*:*:*
- cpe:2.3:h:hp:laserjet_5200l:q7543a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5221
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2012-5221
-
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023
Protect Your Business with Verisign’s Security Services – Verisign
-
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Jump to