Sign-up

ID

VAR-201304-0028


CVE

CVE-2012-5221


TITLE

plural HP Vulnerability to read arbitrary file in firmware of laser printer

Trust: 0.8

sources: JVNDB: JVNDB-2013-002518

DESCRIPTION

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors. HP LaserJet Printers is a family of laser printers developed by Hewlett Packard. Multiple HP Laser Printer products have security vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass certain security restrictions and access certain files. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03744742 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03744742 Version: 3 HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability could be exploited remotely to gain unauthorized access to files. References: CVE-2012-5221, iDefense [V-bxys4j4rnm], SSRT100936 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products . BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-5221 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Andrei Costin working with the iDefense Vulnerability Contributor Program for reporting this vulnerability to security-alert@hp.com. RESOLUTION HP recommends following the HP Imaging and Printing Security Best Practices available at http://h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf . Page 51 documents how to disable file access via Postscript. In addition, HP has provided firmware updates that address this potential vulnerability. Please see the table below. To obtain the updated firmware, go to www.hp.com and follow the below steps to obtain the firmware Update. Obtain the firmware update from www.hp.com : Select "Drivers & Software". Enter the product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware". Note use the firmware version listed or a more recent version, one that has a higher revision number. Firmware Updates Product Name Model Firmware Update Version HP Color LaserJet 3000 Q7534A v 46.070.1 (or higher) HP Color LaserJet 3800 Q5981A v 46.070.1 (or higher) HP Color LaserJet 4700 Q7492A v 46.220.1 (or higher) HP Color LaserJet 4730 Multifunction Printer Q7517A v 46.370.1 (or higher) HP Color LaserJet CM4730 Multifunction Printer CB480A v 50.272.8 (or higher) HP Color LaserJet 5550 Q3714A v 07.220.1 (or higher) HP Color LaserJet 9500 Multifunction Printer C8549A v 08.280.1 (or higher) HP Color LaserJet CM6030 Multifunction Printer CE664A v 52.243.0 (or higher) HP Color LaserJet CM6040 Multifunction Printer Q3939A v 52.243.0 (or higher) HP Color LaserJet CP3505 CB442A v 03.150.1 (or higher) HP Color LaserJet CP3525 CC469A v 06.171.2 (or higher) HP Color LaserJet CP4005 CB503A v 46.220.1 (or higher) HP Color LaserJet CP6015 Q3932A v 04.191.2 (or higher) HP Color LaserJet Enterprise CP4025 CC490A v 07.151.3 (or higher) HP Color LaserJet Enterprise CP4525 CC493A v 07.151.3 (or higher) HP LaserJet 4240 Q7785A v 08.240.1 (or higher) HP LaserJet 4250 Q5400A v 08.240.1 (or higher) HP LaserJet 4345 Multifunction Printer Q3942A v 09.290.1 (or higher) HP LaserJet 4350 Q5407A v 08.240.1 (or higher) HP LaserJet 5200L Q7543A v 08.220.8 (or higher) HP LaserJet 5200N Q7543A v 08.220.8 (or higher) HP LaserJet 9040 Q7697A v 08.240.2 (or higher) HP LaserJet 9040 Multifunction Printer Q3721A v 08.280.1 (or higher) HP LaserJet 9050 Q7697A v 08.240.2 (or higher) HP LaserJet 9050 Multifunction Printer Q3721A v 08.280.1 (or higher) HP LaserJet Enterprise P3015 CE526A v 07.171.2 (or higher) HP LaserJet M3027 Multifunction Printer CB416A v 48.292.8 (or higher) HP LaserJet M3035 Multifunction Printer CB414A v 48.292.8 (or higher) HP LaserJet CM3530 Multifunction Printer CC519A v 53.222.8 (or higher) HP LaserJet M4345 Multifunction Printer CB425A v 48.292.8 (or higher) HP LaserJet M5025 Multifunction Printer Q7840A v 48.292.8 (or higher) HP LaserJet M5035 Multifunction Printer Q7829A v 48.292.8 (or higher) HP LaserJet M9040 Multifunction Printer CC394A v 51.242.7 (or higher) HP LaserJet M9050 Multifunction Printer CC395A v 51.242.7 (or higher) HP LaserJet P3005 Q7812A v 02.180.1 (or higher) HP LaserJet P4014 CB507A v 04.201.2 (or higher) HP LaserJet P4015 CB509A v 04.201.2 (or higher) HP LaserJet P4515 CB514A v 04.201.2 (or higher) HP 9250c Digital Sender CB472A v 48.282.8 (or higher) HISTORY Version:1 (rev.1) - 25 April 2013 Initial release Version:2 (rev.2) - 29 May 2013 Added a work around, added CM3530 printer, added a CM4730 printer, changed firmware version on CP3525, CM6030, CM6040 printers, changed model numbers for 9050 printer, added leading '0' to all firmware versions whose major version was a single digit. Merged 'Supported Software Versions' table, into 'Resolution' table. Version:3 (rev.3) - 20 February 2014 Updated firmware versions in 'Supported Software Versions' table, clarified Resolution instructions. Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlMGKroACgkQ4B86/C0qfVlS8gCcDgxsY8t4pERTC03RMDZbJBvm W4kAn3OHeoC8tSpppNV6haPe4+bwz+ro =oxhf -----END PGP SIGNATURE----- . Alternatively, to use the work around, please follow the steps in the 'work around'

Trust: 2.79

sources: NVD: CVE-2012-5221 // JVNDB: JVNDB-2013-002518 // CNVD: CNVD-2013-04548 // BID: 59511 // VULMON: CVE-2012-5221 // PACKETSTORM: 121449 // PACKETSTORM: 125434 // PACKETSTORM: 121827

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04548

AFFECTED PRODUCTS

vendor:hpmodel:color laserjet enterprise cp4025scope:eqversion:cc490a

Trust: 1.6

vendor:hpmodel:laserjet 4240scope:eqversion:q7785a

Trust: 1.6

vendor:hpmodel:laserjet 4350scope:eqversion:q5407a

Trust: 1.6

vendor:hpmodel:color laserjet cp3505scope:eqversion:cb442a

Trust: 1.6

vendor:hpmodel:color laserjet cp3525scope:eqversion:cc469a

Trust: 1.6

vendor:hpmodel:color laserjet enterprise cp4525scope:eqversion:cc493a

Trust: 1.6

vendor:hpmodel:color laserjet cp4005scope:eqversion:cb503a

Trust: 1.6

vendor:hpmodel:laserjet 4345 mfpscope:eqversion:q3942a

Trust: 1.6

vendor:hpmodel:laserjet 4250scope:eqversion:q5400a

Trust: 1.6

vendor:hpmodel:color laserjet cp6015scope:eqversion:q3932a

Trust: 1.6

vendor:hpmodel:laserjet 5200nscope:eqversion:q7543a

Trust: 1.0

vendor:hpmodel:laserjet enterprise p3015scope:eqversion:ce526a

Trust: 1.0

vendor:hpmodel:laserjet m5025 mfpscope:eqversion:q7840a

Trust: 1.0

vendor:hpmodel:color laserjet cm6040 mfpscope:eqversion:q3939a

Trust: 1.0

vendor:hpmodel:laserjet p3005scope:eqversion:q7812a

Trust: 1.0

vendor:hpmodel:laserjet m3027 mfpscope:eqversion:cb416a

Trust: 1.0

vendor:hpmodel:color laserjet cm6030 mfpscope:eqversion:ce664a

Trust: 1.0

vendor:hpmodel:laserjet 9040 mfpscope:eqversion:q3721a

Trust: 1.0

vendor:hpmodel:color laserjet 3800scope:eqversion:q5981a

Trust: 1.0

vendor:hpmodel:color laserjet 4700scope:eqversion:q7492a

Trust: 1.0

vendor:hpmodel:digital sender 9250cscope:eqversion:cb472a

Trust: 1.0

vendor:hpmodel:laserjet m3035 mfpscope:eqversion:cc519a

Trust: 1.0

vendor:hpmodel:laserjet p4014scope:eqversion:cb507a

Trust: 1.0

vendor:hpmodel:laserjet m9040 mpfscope:eqversion:cc394a

Trust: 1.0

vendor:hpmodel:color laserjet 5550scope:eqversion:q3714a

Trust: 1.0

vendor:hpmodel:laserjet p4015scope:eqversion:cb509a

Trust: 1.0

vendor:hpmodel:laserjet 9040scope:eqversion:q7697a

Trust: 1.0

vendor:hpmodel:laserjet 5200lscope:eqversion:q7543a

Trust: 1.0

vendor:hpmodel:color laserjet 4730 mfpscope:eqversion:cb480a

Trust: 1.0

vendor:hpmodel:laserjet 9050 mfpscope:eqversion:q3721a

Trust: 1.0

vendor:hpmodel:laserjet 9050scope:eqversion:q7697a

Trust: 1.0

vendor:hpmodel:laserjet p4515scope:eqversion:cb514a

Trust: 1.0

vendor:hpmodel:laserjet m3035 mfpscope:eqversion:cb414a

Trust: 1.0

vendor:hpmodel:laserjet m4345 mfpscope:eqversion:cb425a

Trust: 1.0

vendor:hpmodel:laserjet m5035 mfpscope:eqversion:q7829a

Trust: 1.0

vendor:hpmodel:laserjet m9050 mpfscope:eqversion:cc395a

Trust: 1.0

vendor:hpmodel:color laserjet 9500 mfpscope:eqversion:c8549a

Trust: 1.0

vendor:hpmodel:color laserjet 3000scope:eqversion:q7534a

Trust: 1.0

vendor:hewlett packardmodel:hp color laserjet 3000scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet 3800scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet 4700scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet 4730 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet 5550scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet 9500 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cm6030 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cm6040 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cp3505scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cp3525scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cp4005scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet cp6015scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet enterprise cp4025scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp color laserjet enterprise cp4525scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp digital sender 9250cscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 4240scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 4250scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 4345 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 4350scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 5200lscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 5200nscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 9040scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 9040 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 9050scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet 9050 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet enterprise p3015scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m3027 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m3035 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m4345 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m5025 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m5035 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m9040 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet m9050 mfpscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet p3005scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet p4014scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet p4015scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp laserjet p4515scope: - version: -

Trust: 0.8

vendor:hpmodel:laserjet p4014scope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet p4015scope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet p4515scope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet cp6015scope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:3000

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:3800

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:4700

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:4730

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:5550

Trust: 0.6

vendor:hpmodel:color laserjet seriesscope:eqversion:9500

Trust: 0.6

vendor:hpmodel:color laserjet cm6030/cm6040 mfp seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet cp3505 seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet cp3525 seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet cp4005 seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:color laserjet cp4025/cp seriesscope:eqversion:4525

Trust: 0.6

vendor:hpmodel:laserjet seriesscope:eqversion:4240/4250/4340

Trust: 0.6

vendor:hpmodel:laserjet seriesscope:eqversion:4345

Trust: 0.6

vendor:hpmodel:laserjet seriesscope:eqversion:4350

Trust: 0.6

vendor:hpmodel:laserjet seriesscope:eqversion:5200

Trust: 0.6

vendor:hpmodel:laserjet seriesscope:eqversion:9040/9050

Trust: 0.6

vendor:hpmodel:laserjet m3027/3035 mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet m4345 multifunction printer seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet m5025/5035 mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet m5035 mfp series m9040/m9050 multifunctionscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet p3005 seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet p3015 seriesscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet p4515scope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet p4015scope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet p4014scope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet p3005scope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet m5035 multifunction printerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet m5025 multifunction printerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet enterprise p3015scope: - version: -

Trust: 0.3

vendor:hpmodel:laserjet mfpscope:eqversion:90500

Trust: 0.3

vendor:hpmodel:laserjetscope:eqversion:90500

Trust: 0.3

vendor:hpmodel:laserjet 9040mpfscope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjetscope:eqversion:90400

Trust: 0.3

vendor:hpmodel:laserjet 5200nscope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjet 5200lscope:eqversion:0

Trust: 0.3

vendor:hpmodel:laserjetscope:eqversion:43500

Trust: 0.3

vendor:hpmodel:laserjet mfpscope:eqversion:43450

Trust: 0.3

vendor:hpmodel:laserjetscope:eqversion:42500

Trust: 0.3

vendor:hpmodel:laserjetscope:eqversion:42400

Trust: 0.3

vendor:hpmodel:ds9250c digital senderscope:eqversion:0

Trust: 0.3

vendor:hpmodel:color laserjet enterprise cp4525scope: - version: -

Trust: 0.3

vendor:hpmodel:color laserjet cp6015scope:eqversion:0

Trust: 0.3

vendor:hpmodel:color laserjet cp3505scope:eqversion:0

Trust: 0.3

vendor:hpmodel:color laserjet cm3530scope:eqversion:0

Trust: 0.3

vendor:hpmodel:color laserjet 9500mfpscope:eqversion:0

Trust: 0.3

vendor:hpmodel:color laserjetscope:eqversion:5550

Trust: 0.3

vendor:hpmodel:color laserjet mfpscope:eqversion:47300

Trust: 0.3

vendor:hpmodel:color laserjetscope:eqversion:47000

Trust: 0.3

vendor:hpmodel:color laserjetscope:eqversion:3800

Trust: 0.3

vendor:hpmodel:color laserjetscope:eqversion:3000

Trust: 0.3

vendor:hpmodel:color laserjet m3530 multifunction printerscope:neversion:05.058.4

Trust: 0.3

vendor:hpmodel:color laserjet cp3525 printerscope:neversion:05.058.4

Trust: 0.3

sources: CNVD: CNVD-2013-04548 // BID: 59511 // JVNDB: JVNDB-2013-002518 // CNNVD: CNNVD-201304-581 // NVD: CVE-2012-5221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5221
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5221
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04548
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-581
value: MEDIUM

Trust: 0.6

VULMON: CVE-2012-5221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-04548
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-04548 // VULMON: CVE-2012-5221 // JVNDB: JVNDB-2013-002518 // CNNVD: CNNVD-201304-581 // NVD: CVE-2012-5221

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-5221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-581

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201304-581

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002518

PATCH
title:HPSBPI02869 SSRT100936url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03744742
Trust: 0.8
title:Multiple HP LaserJet Printers Information Disclosure Vulnerability Patchesurl:https://www.cnvd.org.cn/patchInfo/show/33700
Trust: 0.6
title:HP: HPSBPI02869 SSRT100936 rev.4 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Filesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI02869
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBPI02869 SSRT100936 rev.4 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Filesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=b9eafb6f3872de879c3b5af0d15d953c
Trust: 0.1
title: - url:https://github.com/aredspy/HPCredDumper 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04548 // 
            
            
            
            VULMON: CVE-2012-5221 // 
            
            
            
            JVNDB: JVNDB-2013-002518

EXTERNAL IDS
db:NVDid:CVE-2012-5221
Trust: 3.7
db:BIDid:59511
Trust: 1.5
db:SECUNIAid:53220
Trust: 1.2
db:JVNDBid:JVNDB-2013-002518
Trust: 0.8
db:CNVDid:CNVD-2013-04548
Trust: 0.6
db:HPid:HPSBPI02869
Trust: 0.6
db:HPid:SSRT100936
Trust: 0.6
db:CNNVDid:CNNVD-201304-581
Trust: 0.6
db:VULMONid:CVE-2012-5221
Trust: 0.1
db:PACKETSTORMid:121449
Trust: 0.1
db:PACKETSTORMid:125434
Trust: 0.1
db:PACKETSTORMid:121827
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04548 // 
            
            
            
            VULMON: CVE-2012-5221 // 
            
            
            
            BID: 59511 // 
            
            
            
            JVNDB: JVNDB-2013-002518 // 
            
            
            
            PACKETSTORM: 121449 // 
            
            
            
            PACKETSTORM: 125434 // 
            
            
            
            PACKETSTORM: 121827 // 
            
            
            
            CNNVD: CNNVD-201304-581 // 
            
            
            
            NVD: CVE-2012-5221

REFERENCES
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03744742
Trust: 2.3
url:http://www.verisigninc.com/en_us/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5221
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5221
Trust: 0.8
url:http://www.secunia.com/advisories/53220/
Trust: 0.6
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03744742
Trust: 0.6
url:http://www.hp.com
Trust: 0.6
url:http://secunia.com/advisories/53220
Trust: 0.6
url:http://www.securityfocus.com/bid/59511
Trust: 0.6
url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5221
Trust: 0.3
url:http://h71028.www7.hp.com/enterprise/downloads/hp-imaging10.pdf
Trust: 0.2
url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
Trust: 0.2
url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://github.com/aredspy/hpcreddumper
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.hp.com/us-en/document/c03744742
Trust: 0.1
url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/
Trust: 0.1
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04548 // 
            
            
            
            VULMON: CVE-2012-5221 // 
            
            
            
            BID: 59511 // 
            
            
            
            JVNDB: JVNDB-2013-002518 // 
            
            
            
            PACKETSTORM: 121449 // 
            
            
            
            PACKETSTORM: 125434 // 
            
            
            
            PACKETSTORM: 121827 // 
            
            
            
            CNNVD: CNNVD-201304-581 // 
            
            
            
            NVD: CVE-2012-5221

CREDITS
V-bxys4j4rnm via iDefense
Trust: 0.9
sources:
            
            
            BID: 59511 // 
            
            
            
            CNNVD: CNNVD-201304-581

SOURCES
db:CNVDid:CNVD-2013-04548
db:VULMONid:CVE-2012-5221
db:BIDid:59511
db:JVNDBid:JVNDB-2013-002518
db:PACKETSTORMid:121449
db:PACKETSTORMid:125434
db:PACKETSTORMid:121827
db:CNNVDid:CNNVD-201304-581
db:NVDid:CVE-2012-5221

LAST UPDATE DATE
2024-11-23T21:55:37.491000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04548date:2013-04-29T00:00:00
db:VULMONid:CVE-2012-5221date:2013-12-31T00:00:00
db:BIDid:59511date:2014-01-25T08:05:00
db:JVNDBid:JVNDB-2013-002518date:2013-05-01T00:00:00
db:CNNVDid:CNNVD-201304-581date:2013-05-02T00:00:00
db:NVDid:CVE-2012-5221date:2024-11-21T01:44:17.060

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-04548date:2013-04-29T00:00:00
db:VULMONid:CVE-2012-5221date:2013-04-29T00:00:00
db:BIDid:59511date:2013-04-26T00:00:00
db:JVNDBid:JVNDB-2013-002518date:2013-05-01T00:00:00
db:PACKETSTORMid:121449date:2013-04-29T23:33:24
db:PACKETSTORMid:125434date:2014-02-26T22:37:23
db:PACKETSTORMid:121827date:2013-05-30T23:33:00
db:CNNVDid:CNNVD-201304-581date:2013-04-27T00:00:00
db:NVDid:CVE-2012-5221date:2013-04-29T21:55:00.997