Release date: 2012-3 3
Updated on: 2012-12-07
Affected Systems:
HP color LaserJet HP Color LaserJet CP6015
HP color LaserJet HP Color LaserJet CP4525 0
HP color LaserJet HP Color LaserJet CP4025 0
HP color LaserJet HP Color LaserJet CP3525
HP color LaserJet HP Color LaserJet CM6040 0
HP color LaserJet HP Color LaserJet CM6030 0
HP color LaserJet HP Color LaserJet CM3530 0
HP LaserJet P4515 0
HP LaserJet P4015 0
HP LaserJet P4014 0
HP LaserJet P3015 0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56820
CVE (CAN) ID: CVE-2012-3272
As a world-leading high-tech provider, HP provides a wide range of products such as laptops, desktop computers, and workstations.
The following security vulnerabilities exist in the implementation of whirlpool laser and color laser printer, which can be exploited remotely to allow cross-site scripting attacks:
HP Color LaserJet CM3530
HP Color LaserJet CM6030
HP Color LaserJet CM6040
HP Color LaserJet CP3525
HP Color LaserJet CP4025
HP Color LaserJet CP4525
HP Color LaserJet CP6015
LaserJet P3015
LaserJet P4014
LaserJet P4015
LaserJet P4515
<* Source: Dominic Sim
Link: http://seclists.org/bugtraq/2012/Dec/41
What is https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03556108
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a security notice (HPSBPI02828) and corresponding patches for this:
HPSBPI02828: SSRT100778 rev.1-HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
Https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03556108
Patch download:
HP Color LaserJet CM3530
Update to version 53.190.9.
HP Color LaserJet CM6030
Update to version 52.210.9.
HP Color LaserJet CM6040
Update to version 52.210.9.
HP Color LaserJet CP3525
Upgrade to version 06.140.3 18.
HP Color LaserJet CP4025
Update to version 07.120.6.
HP Color LaserJet CP4525
Update to version 07.120.6.
HP Color LaserJet CP6015
Update to version 04.160.3.
HP LaserJet P3015
Update to version 07.140.3.
HP LaserJet P4014
Update to version 04.170.3.
HP LaserJet P4015
Update to version 04.170.3.
HP LaserJet P4515
Update to version 04.170.3.