CVE-2018-5923
https://notcve.org/view.php?id=CVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. En HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed y HP OfficeJet Enterprise Printers, la comprobación de firmas de la aplicación de solución podría permitir la ejecución de código arbitrario. • https://support.hp.com/us-en/document/c06169434 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2013-4829
https://notcve.org/view.php?id=CVE-2013-4829
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors. HP LaserJet M4555, M525, y M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, y M775; y dispositivos ScanJet Enterprise 8500fn1 FutureSmart permiten a usuarios locales leer imágenes de los documentos escaneados arbitrariamente a través de vectores no especificados. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4828
https://notcve.org/view.php?id=CVE-2013-4828
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors. HP LaserJet M4555, M525 y M725; LaserJet MFP flow M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575 y M775, y dispositivos ScanJet Enterprise 8500fn1 FutureSmart no encriptan correctamente los documentos PDF, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014 • CWE-310: Cryptographic Issues •
CVE-2011-4161
https://notcve.org/view.php?id=CVE-2011-4161
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. La configuración por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualización remota del firmware (RFU), lo que permite a atacantes remotos ejecutar código de su elección mediante la apertura de una sesión en el puerto TCP 9100 para subir una actualización de firmware diseñada por el atacante. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112 http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say http://secunia.com/advisories/47063 http://www.kb.cert.org/vuls/id/717921 http://www.securityfocus.com/bid/51324 http://www.securitytracker.com/id?1026357 https://lists.immunityinc.com/pipermail/dailydave/ • CWE-264: Permissions, Privileges, and Access Controls •