{"vuid":"VU#782451","idnumber":"782451","name":"HP LaserJet Professional printer telnet debug shell vulnerability","keywords":["HP","LaserJet","telnet","debug"],"overview":"Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.","clean_desc":"Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. For additional vulnerability information and a list of affected devices see HP Security Bulletin HPSBPI02851 SSRT101078.","impact":"A remote unauthenticated attacker can connect to the telnet debug shell and gain unauthorized access to data.","resolution":"Update HP has provided updated printer firmware to resolve this issue. Firmware download information can be found in HP Security Bulletin HPSBPI02851 SSRT101078.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks.","sysaffected":"","thanks":"Thanks to Christoph von Wittich of Hentschke Bau GmbH\n for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["h","t","t","p","s",":","/","/","h","2","0","5","6","6",".","w","w","w","2",".","h","p",".","c","o","m","/","p","o","r","t","a","l","/","s","i","t","e","/","h","p","s","c","/","p","u","b","l","i","c","/","k","b","/","d","o","c","D","i","s","p","l","a","y","?","d","o","c","I","d","=","e","m","r","_","n","a","-","c","0","3","6","8","4","2","4","9"],"cveids":["CVE-2012-5215"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-11-30T20:33:23Z","publicdate":"2013-03-06T00:00:00Z","datefirstpublished":"2013-03-11T12:39:14Z","dateupdated":"2013-03-11T12:39:15Z","revision":8,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.8","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:C/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"1.6","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}