CVE-2010-4107

HP JetDirect PJL - Interface Universal Directory Traversal

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

La configuración por defecto del valor PJL Access en las opciones de File System External Access de las impresoras HP LaserJet MFP, Color LaserJet MFP, LaserJet 4100, 4200, 4300, 5100, 8150, y 9000, activan los comandos PJL que usa el sistema de archivos del dispositivo, lo que permite a atacantes remotos la lectura de archivos de su elección a través de un comando en el trabajo activo como se ha demostrado con un ataque de salto de directorio.

A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-10-27 CVE Reserved
2010-11-16 CVE Published
2010-11-29 First Exploit
2024-08-07 CVE Updated
2024-10-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (13)

URL	Tag	Source
http://securityreason.com/securityalert/8328	Third Party Advisory
http://securitytracker.com/id?1024741	Vdb Entry
http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf	X_refsource_misc
http://www.securityfocus.com/bid/44882	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/63261	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/17635	2011-08-07
https://www.exploit-db.com/exploits/17636	2011-08-07
https://www.exploit-db.com/exploits/15631	2010-11-29
https://www.exploit-db.com/exploits/32990	2014-04-23
http://www.exploit-db.com/exploits/15631	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/42238	2017-08-17
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333	2017-08-17
http://www.vupen.com/english/advisories/2010/2987	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		9000 Search vendor "Hp" for product "9000"				*		-		Affected
Hp Search vendor "Hp"		Color Laserjet Mfp Search vendor "Hp" for product "Color Laserjet Mfp"				*		-		Affected
Hp Search vendor "Hp"		Laserjet 4100 Search vendor "Hp" for product "Laserjet 4100"				*		-		Affected
Hp Search vendor "Hp"		Laserjet 4200 Search vendor "Hp" for product "Laserjet 4200"				*		-		Affected
Hp Search vendor "Hp"		Laserjet 4300 Search vendor "Hp" for product "Laserjet 4300"				*		-		Affected
Hp Search vendor "Hp"		Laserjet 5100 Search vendor "Hp" for product "Laserjet 5100"				*		-		Affected
Hp Search vendor "Hp"		Laserjet 8150 Search vendor "Hp" for product "Laserjet 8150"				*		-		Affected
Hp Search vendor "Hp"		Laserjet Mfp Search vendor "Hp" for product "Laserjet Mfp"				*		-		Affected