HP LaserJet Security flaw allows remote data access
Mar 14, 2013
A critical vulnerability discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security's Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. This flaw was discovered by a Germany security expert, Christoph von Wittich . He detected the vulnerability during a routine network scan of his company's corporate network. He said the vulnerability could also be used for a denial-of-service attack. " As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user ,". Marked as CVE-2012-5215 ( VU#782451 , SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunction Printer, M1217n