The host is running HP LaserJet Printer and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to obtain the sensitive information. Impact Level: Application

No solution or patch is available as of 28th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www8.hp.com

- There are Information Leakage and Insufficient Authorization vulnerabilities in HP LaserJet. Vulnerabilities are in control panel of HP network MFP and printers. - There is access without authorization to information about all settings of the printer (read only, but it's possible to find printers with possibility to change settings). - In section 'Print Information Pages' it is possible to print test documents without authorization. Thus without login and password it's possible to waste paper and cartridge of the printer.

HP network MFP and printers with firmware 20130415 and previous versions.

Send a crafted data via HTTP GET request and check whether it is able to read the sensitive information.

• http://seclists.org/fulldisclosure/2014/Dec/98)
• http://seclists.org/fulldisclosure/2015/Jan/118

---

Updated on 2015-03-25