CVE-2010-4107
HIGHEPSS 96th pctlDescription
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 96% of all known CVEs.
References
- http://secunia.com/advisories/42238
- http://securityreason.com/securityalert/8328
- http://securitytracker.com/id?1024741
- http://www.exploit-db.com/exploits/15631
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333
- http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf
- http://www.securityfocus.com/bid/44882
- http://www.vupen.com/english/advisories/2010/2987
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63261
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-29.