H3-2020-0003

Anonymous Access to Printer using PJL or PS

Description

The remote printer is configured to allow anonymous access using HP Printer Job Language (PJL) or PostScript (PS) commands. PJL and PS are standard command languages used in printers to handle job control and page description tasks, respectively. An attacker could exploit this misconfiguration by sending unauthorized commands to the printer. This can allow the attacker to manipulate and capture print jobs, access the printer's file system, and potentially make changes to the printer's configuration.

Impact

Exploiting this misconfiguration could enable an attacker to recover sensitive information such as stored passwords or confidential documents that are processed by the printer. The attacker could also disrupt normal printer operations or even cause physical damage to the device.

References

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• Printer Exploitation Toolkit