Signature Detail
Short Name |
DOS:NETDEV:HP-LCD-MOD-9100 |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
DOS |
Keywords |
HP JetDirect LCD Modification (TCP/9100) |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DOS: HP JetDirect LCD Modification (TCP/9100)
This signature detects attempts to exploit a vulnerability in the printer control language used in HP JetDirect printers. Attackers can send maliciously crafted packets to TCP/9100 to print arbitrary messages on HP printers with LCD panels.
Extended Description
Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of "social engineering" scheme.
Affected Products
- HP JetDirect rev. G.08.04
- HP JetDirect rev. G.08.20
- HP JetDirect rev. H.08.05
- HP JetDirect rev. H.08.20
- HP JetDirect x.08.04
- HP JetDirect x.08.05
- HP JetDirect x.08.20
- HP JetDirect J3111A rev. A.08.06
- HP JetDirect J3111A rev. G.05.35
- HP JetDirect J3111A rev. G.07.02
- HP JetDirect J3111A rev. G.07.03
- HP JetDirect J3111A rev. G.07.17
- HP JetDirect J3111A rev. G.08.03
References
- BugTraq: 2245
- CVE: CVE-1999-1062
- URL: http://www.securityfocus.com/advisories/526