HP LaserJet Pro Printers Multiple Information Disclosures (July 2013)

High severity, Nessus Plugin ID 69281

Synopsis

The remote printer is potentially affected by multiple information disclosure vulnerabilities.

Description

The remote HP printer is potentially affected by the following unauthorized information disclosure vulnerabilities:

- The URL '/dev/save_restore.xml' contains a hexadecimal representation of the administrator password. This URL also contains the wireless 'service set identifier' (SSID), which could aid in further attacks.

- The URL '/IoMgmt/Adapters/wifi0/WPS/Pin' contains the 'Wi-Fi Protected Setup' (WPS) PIN.

Solution

Update the printer's firmware or disable file system access via the PostScript interface.

See Also

http://www.nessus.org/u?6839c51c

http://www.nessus.org/u?08935147

https://www8.hp.com/us/en/home.html

Plugin Details

Severity: High

ID: 69281

File Name: hp_laserjetpro_data_access3.nbin

Version: 1.72

Type: remote

Family: Misc.

Published: 8/9/2013

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2013-4807

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Exploit Ease: No known exploits are available

Patch Publication Date: 7/26/2013

Vulnerability Publication Date: 7/31/2013

Reference Information

CVE: CVE-2013-4807

BID: 61565

IAVB: 2013-B-0080