ID

VAR-201303-0046


CVE

CVE-2012-5215


TITLE

HP LaserJet Professional printer telnet debug shell vulnerability

Trust: 0.8

sources: CERT/CC: VU#782451

DESCRIPTION

Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213 allows remote attackers to modify data or cause a denial of service via unknown vectors. Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03684249

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03684249
Version: 1

HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-03-06
Last Updated: 2013-03-06

Potential Security Impact: Unauthorized access to data

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with certain HP LaserJet Pro printers.

References: CVE-2012-5215 (VU#782451, SSRT101078)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

RESOLUTION

HP has provided updated printer firmware to resolve this issue.

Browse to www.hp.com/go/support and then:
Select "Drivers & Software"
Enter the HP product name listed in the table above into the search field
Click on "Search"
If the search returns a list of products click on the appropriate product
Under "Select operating system", select your operating system, click Next
Under "Select a Download", select "Firmware"
Click Download to obtain the Firmware

HISTORY

Version: 1 (rev.1) - 6 March 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Trust: 2.88

sources: NVD: CVE-2012-5215 // CERT/CC: VU#782451 // JVNDB: JVNDB-2013-001789 // BID: 58377 // VULHUB: VHN-58496 // VULMON: CVE-2012-5215 // PACKETSTORM: 120711

AFFECTED PRODUCTS

vendor: hp, model: laserjet pro p1606dn, scope: eq, version: ce749a

Trust: 1.6

vendor: hp, model: laserjet pro m1216nfh multifunction printer, scope: eq, version: ce843a

Trust: 1.6

vendor: hp, model: laserjet pro m1219nf mfp, scope: eq, version: ce846a

Trust: 1.6

vendor: hp, model: laserjet pro cp1025nw, scope: eq, version: ce918a

Trust: 1.6

vendor: hp, model: laserjet pro m1214nfh mfp, scope: eq, version: ce842a

Trust: 1.6

vendor: hp, model: hotspot laserjet pro m1218nfs mfp, scope: eq, version: b4k88a

Trust: 1.6

vendor: hp, model: laserjet pro p1102w, scope: eq, version: ce657a

Trust: 1.6

vendor: hp, model: laserjet pro m1217nfw multifunction printer, scope: eq, version: ce844a

Trust: 1.6

vendor: hp, model: laserjet pro p1102w, scope: eq, version: ce658a

Trust: 1.6

vendor: hp, model: laserjet pro cp1025nw, scope: eq, version: ce914a

Trust: 1.6

vendor: hp, model: laserjet pro m1213nf mfp, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro m1219nf mfp, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro m1216nfh multifunction printer, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro cp1025nw, scope: lte, version: 201302121

Trust: 1.0

vendor: hp, model: laserjet pro m1213nf mfp, scope: eq, version: ce845a

Trust: 1.0

vendor: hp, model: laserjet pro m1214nfh mfp, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro p1102w, scope: eq, version: 20130212

Trust: 1.0

vendor: hp, model: laserjet pro p1606dn, scope: eq, version: 20130212

Trust: 1.0

vendor: hp, model: laserjet pro m1217nfw multifunction printer, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro m1212nf mfp, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: hotspot laserjet pro m1218nfs mfp, scope: lte, version: 20130210

Trust: 1.0

vendor: hp, model: laserjet pro m1212nf mfp, scope: eq, version: ce841a

Trust: 1.0

vendor: hewlett packard, model: -, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: hp laserjet, scope: -, version: -

Trust: 0.8

vendor: hp, model: laserjet pro p1606dn, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#782451 // BID: 58377 // JVNDB: JVNDB-2013-001789 // CNNVD: CNNVD-201303-142 // NVD: CVE-2012-5215

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2012-5215
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2012-5215
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201303-142
value: HIGH

Trust: 0.6

VULHUB: VHN-58496
value: HIGH

Trust: 0.1

VULMON: CVE-2012-5215
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5215
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2012-5215
severity: HIGH
baseScore: 8.8
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-58496
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#782451 // VULHUB: VHN-58496 // VULMON: CVE-2012-5215 // JVNDB: JVNDB-2013-001789 // CNNVD: CNNVD-201303-142 // NVD: CVE-2012-5215

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-5215

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-142

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201303-142

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001789

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#782451 // VULHUB: VHN-58496

PATCH

title: HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03684249

Trust: 0.8

title: HP LaserJet Pro Printers Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99460

Trust: 0.6

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI02851 SSRT101078 rev.2 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=21ade6eb0add29cefc1e0fe7656a70b8

Trust: 0.1

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI02851 SSRT101078 rev.2 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=6e1bdb1a6f69904b78092fe4e02552c0

Trust: 0.1

title: HP: HPSBPI02851 SSRT101078 rev.2 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI02851

Trust: 0.1

sources: VULMON: CVE-2012-5215 // JVNDB: JVNDB-2013-001789 // CNNVD: CNNVD-201303-142

EXTERNAL IDS

db: CERT/CC, id: VU#782451

Trust: 3.4

db: NVD, id: CVE-2012-5215

Trust: 3.0

db: JVN, id: JVNVU98055254

Trust: 0.8

db: JVNDB, id: JVNDB-2013-001789

Trust: 0.8

db: CNNVD, id: CNNVD-201303-142

Trust: 0.7

db: BID, id: 58377

Trust: 0.4

db: PACKETSTORM, id: 120711

Trust: 0.2

db: VULHUB, id: VHN-58496

Trust: 0.1

db: VULMON, id: CVE-2012-5215

Trust: 0.1

sources: CERT/CC: VU#782451 // VULHUB: VHN-58496 // VULMON: CVE-2012-5215 // BID: 58377 // JVNDB: JVNDB-2013-001789 // PACKETSTORM: 120711 // CNNVD: CNNVD-201303-142 // NVD: CVE-2012-5215

REFERENCES

url:http://www.kb.cert.org/vuls/id/782451

Trust: 2.7

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03684249

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5215

Trust: 0.8

url:http://jvn.jp/cert/jvnvu98055254/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5215

Trust: 0.8

url:http://www.hp.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=28519

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5215

Trust: 0.1

url:https://www.hp.com/go/support

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

sources: CERT/CC: VU#782451 // VULHUB: VHN-58496 // VULMON: CVE-2012-5215 // BID: 58377 // JVNDB: JVNDB-2013-001789 // PACKETSTORM: 120711 // CNNVD: CNNVD-201303-142 // NVD: CVE-2012-5215

CREDITS

Christoph von Wittich of Hentschke Bau GmbH

Trust: 0.3

sources: BID: 58377

SOURCES

db: CERT/CC, id: VU#782451
db: VULHUB, id: VHN-58496
db: VULMON, id: CVE-2012-5215
db: BID, id: 58377
db: JVNDB, id: JVNDB-2013-001789
db: PACKETSTORM, id: 120711
db: CNNVD, id: CNNVD-201303-142
db: NVD, id: CVE-2012-5215

LAST UPDATE DATE

2025-04-11T23:02:58.747000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#782451, date: 2013-03-11T00:00:00
db: VULHUB, id: VHN-58496, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2012-5215, date: 2019-10-09T00:00:00
db: BID, id: 58377, date: 2013-03-06T00:00:00
db: JVNDB, id: JVNDB-2013-001789, date: 2013-03-19T00:00:00
db: CNNVD, id: CNNVD-201303-142, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2012-5215, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC, id: VU#782451, date: 2013-03-11T00:00:00
db: VULHUB, id: VHN-58496, date: 2013-03-09T00:00:00
db: VULMON, id: CVE-2012-5215, date: 2013-03-09T00:00:00
db: BID, id: 58377, date: 2013-03-06T00:00:00
db: JVNDB, id: JVNDB-2013-001789, date: 2013-03-12T00:00:00
db: PACKETSTORM, id: 120711, date: 2013-03-08T04:08:46
db: CNNVD, id: CNNVD-201303-142, date: 2013-03-11T00:00:00
db: NVD, id: CVE-2012-5215, date: 2013-03-09T11:55:01.570