PT-2011-4867 · Hewlett Packard · Hp Color Laserjet+4

Chad Dougherty · Published 2011-12-01 · Updated 2012-09-18 · CVE-2011-4161

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP CM8060 Color MFP with Edgeline (affected versions not specified)
HP Color LaserJet (affected versions not specified)
HP Digital Sender (affected versions not specified)
HP LaserJet (affected versions not specified)
HP LaserJet Enterprise (affected versions not specified)

Description

The default configuration of certain HP devices enables the Remote Firmware Update (RFU) setting. This setting allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Recommendations

For HP CM8060 Color MFP with Edgeline, consider disabling the Remote Firmware Update (RFU) setting until a patch is available.
For HP Color LaserJet, restrict access to TCP port 9100 to minimize the risk of exploitation.
For HP Digital Sender, avoid using the default configuration and consider implementing additional security measures.
For HP LaserJet, disable the RFU setting and restrict access to the device.
For HP LaserJet Enterprise, consider disabling the RFU setting and implementing additional security measures to prevent remote code execution.

Fix

Weakness Enumeration

Related identifiers

CVE-2011-4161

Affected products

HP CM8060 Color MFP with Edgeline
HP Color LaserJet
HP Digital Sender
HP LaserJet
HP LaserJet Enterprise