製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の HP 製レーザープリンタのファームウェアにおける任意のファイルを読まれる脆弱性

Title	複数の HP 製レーザープリンタのファームウェアにおける任意のファイルを読まれる脆弱性
Summary	HP LaserJet、LaserJet Enterprise、Color LaserJet、Color LaserJet Enterprise、および Digital Sender のファームウェアには、任意のファイルを読まれる脆弱性が存在します。
Possible impacts	第三者により、任意のファイルを読まれる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 25, 2013, midnight
Registration Date	May 1, 2013, 2:59 p.m.
Last Update	May 1, 2013, 2:59 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

ヒューレット・パッカード

HP Color LaserJet 3000

HP Color LaserJet 3800

HP Color LaserJet 4700

HP Color LaserJet 4730 MFP

HP Color LaserJet 5550

HP Color LaserJet 9500 MFP

HP Color LaserJet CM6030 MFP

HP Color LaserJet CM6040 MFP

HP Color LaserJet CP3505

HP Color LaserJet CP3525

HP Color LaserJet CP4005

HP Color LaserJet CP6015

HP Color LaserJet Enterprise CP4025

HP Color LaserJet Enterprise CP4525

HP Digital Sender 9250c

HP LaserJet 4240

HP LaserJet 4250

HP LaserJet 4345 MFP

HP LaserJet 4350

HP LaserJet 5200L

HP LaserJet 5200n

HP LaserJet 9040

HP LaserJet 9040 MFP

HP LaserJet 9050

HP LaserJet 9050 MFP

HP LaserJet Enterprise P3015

HP LaserJet M3027 MFP

HP LaserJet M3035 MFP

HP LaserJet M4345 MFP

HP LaserJet M5025 MFP

HP LaserJet M5035 MFP

HP LaserJet M9040 MFP

HP LaserJet M9050 MFP

HP LaserJet P3005

HP LaserJet P4014

HP LaserJet P4015

HP LaserJet P4515

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-5221	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5221
National Vulnerability Database (NVD)
2	CVE-2012-5221	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5221

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
HP Security Bulletin
1	HPSBPI02869 SSRT100936	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03744742

Change Log

No	Changed Details	Date of change
0	[2013年05月01日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-5221

Summary	Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
Publication Date	April 30, 2013, 6:55 a.m.
Registration Date	Jan. 28, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 10:44 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a:::::::*
cpe:2.3:h:hp:laserjet_4345_mfp:q3942a:::::::*
cpe:2.3:h:hp:laserjet_9040:q7697a:::::::*
cpe:2.3:h:hp:laserjet_p4015:cb509a:::::::*
cpe:2.3:h:hp:color_laserjet_cp3525:cc469a:::::::*
cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a:::::::*
cpe:2.3:h:hp:color_laserjet_cp4005:cb503a:::::::*
cpe:2.3:h:hp:color_laserjet_cp3505:cb442a:::::::*
cpe:2.3:h:hp:laserjet_9050_mfp:q3721a:::::::*
cpe:2.3:h:hp:laserjet_p3005:q7812a:::::::*
cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a:::::::*
cpe:2.3:h:hp:color_laserjet_cp6015:q3932a:::::::*
cpe:2.3:h:hp:laserjet_5200n:q7543a:::::::*
cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a:::::::*
cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a:::::::*
cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a:::::::*
cpe:2.3:h:hp:laserjet_4350:q5407a:::::::*
cpe:2.3:h:hp:laserjet_p4515:cb514a:::::::*
cpe:2.3:h:hp:laserjet_5200l:q7543a:::::::*
cpe:2.3:h:hp:color_laserjet_cm6030_mfp:ce664a:::::::*
cpe:2.3:h:hp:color_laserjet_cm6040_mfp:q3939a:::::::*
cpe:2.3:h:hp:color_laserjet_enterprise_cp4025:cc490a:::::::*
cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a:::::::*
cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a:::::::*
cpe:2.3:h:hp:laserjet_9040_mfp:q3721a:::::::*
cpe:2.3:h:hp:color_laserjet_4700:q7492a:::::::*
cpe:2.3:h:hp:digital_sender_9250c:cb472a:::::::*
cpe:2.3:h:hp:laserjet_4240:q7785a:::::::*
cpe:2.3:h:hp:laserjet_m9040_mpf:cc394a:::::::*
cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a:::::::*
cpe:2.3:h:hp:laserjet_p4014:cb507a:::::::*
cpe:2.3:h:hp:laserjet_4250:q5400a:::::::*
cpe:2.3:h:hp:color_laserjet_3800:q5981a:::::::*
cpe:2.3:h:hp:laserjet_m9050_mpf:cc395a:::::::*
cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a:::::::*
cpe:2.3:h:hp:laserjet_9050:q7697a:::::::*
cpe:2.3:h:hp:color_laserjet_3000:q7534a:::::::*
cpe:2.3:h:hp:color_laserjet_5550:q3714a:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023
2	http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023
3	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742	Vendor Advisory
4	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742	Vendor Advisory
5	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742	Vendor Advisory
6	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742	Vendor Advisory

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a:::::::*
cpe:2.3:h:hp:laserjet_4345_mfp:q3942a:::::::*
cpe:2.3:h:hp:laserjet_9040:q7697a:::::::*
cpe:2.3:h:hp:laserjet_p4015:cb509a:::::::*
cpe:2.3:h:hp:color_laserjet_cp3525:cc469a:::::::*
cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a:::::::*
cpe:2.3:h:hp:color_laserjet_cp4005:cb503a:::::::*
cpe:2.3:h:hp:color_laserjet_cp3505:cb442a:::::::*
cpe:2.3:h:hp:laserjet_9050_mfp:q3721a:::::::*
cpe:2.3:h:hp:laserjet_p3005:q7812a:::::::*
cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a:::::::*
cpe:2.3:h:hp:color_laserjet_cp6015:q3932a:::::::*
cpe:2.3:h:hp:laserjet_5200n:q7543a:::::::*
cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a:::::::*
cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a:::::::*
cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a:::::::*
cpe:2.3:h:hp:laserjet_4350:q5407a:::::::*
cpe:2.3:h:hp:laserjet_p4515:cb514a:::::::*
cpe:2.3:h:hp:laserjet_5200l:q7543a:::::::*
cpe:2.3:h:hp:color_laserjet_cm6030_mfp:ce664a:::::::*
cpe:2.3:h:hp:color_laserjet_cm6040_mfp:q3939a:::::::*
cpe:2.3:h:hp:color_laserjet_enterprise_cp4025:cc490a:::::::*
cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a:::::::*
cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a:::::::*
cpe:2.3:h:hp:laserjet_9040_mfp:q3721a:::::::*
cpe:2.3:h:hp:color_laserjet_4700:q7492a:::::::*
cpe:2.3:h:hp:digital_sender_9250c:cb472a:::::::*
cpe:2.3:h:hp:laserjet_4240:q7785a:::::::*
cpe:2.3:h:hp:laserjet_m9040_mpf:cc394a:::::::*
cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a:::::::*
cpe:2.3:h:hp:laserjet_p4014:cb507a:::::::*
cpe:2.3:h:hp:laserjet_4250:q5400a:::::::*
cpe:2.3:h:hp:color_laserjet_3800:q5981a:::::::*
cpe:2.3:h:hp:laserjet_m9050_mpf:cc395a:::::::*
cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a:::::::*
cpe:2.3:h:hp:laserjet_9050:q7697a:::::::*
cpe:2.3:h:hp:color_laserjet_3000:q7534a:::::::*
cpe:2.3:h:hp:color_laserjet_5550:q3714a:::::::*