HP Printer HTTP Authentication Bypass

HP is reporting that “a potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.”
CVE-2008-4419 adds that this is a directory traversal vulnerability.
In a post to Bugtraq, Digital Defense says an attacker can read arbitrary system configuration files, and cached documents.
HP Web Jetadmin should make quick work for printer admins needing to perform updates.