[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
From: security-alert@xxxxxx
Date: Mon, 9 Jan 2012 09:09:45 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03102449
Version: 3

HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, 
Remote Firmware Update Enabled by Default

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2011-11-30
Last Updated: 2012-01-09

Potential Security Impact: Remote firmware update enabled by default

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP printers 
and HP digital senders. The vulnerability could be exploited remotely to 
install unauthorized printer firmware.

References: CVE-2011-4161

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
 below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2011-4161    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

Note: For further information on Secure Printing and Imaging please refer to 
http://www.hp.com/go/secureprinting

Remote Firmware Update (RFU): The Remote Firmware Update (RFU) feature is 
enabled by default. A firmware update can be sent remotely to port 9100 without 
authentication. This could allow unauthorized modification of the device 
firmware. The unauthorized firmware could impact the confidentiality and 
integrity of data sent to and received from the device. The unauthorized 
firmware could also cause a Denial of Service (DoS) to the device.

RESOLUTION
The following steps can be taken to avoid unauthorized firmware updates:

Update the firmware to a version that implements code signing
Disable the Remote Firmware Update

The code signing feature verifies that firmware updates are properly signed. 
This will prevent the installation of invalid firmware updates.

Note: A firmware update may be required to allow the RFU to be disabled or to 
implement code signing. Code signing is not available on all the affected 
devices. Please refer to the following table.

Product
 Firmware Update Required to Allow Disabling RFU
 Firmware Update Required for Code Signing

HP LaserJet Enterprise 500 color M551
 No update required
 No update required

HP LaserJet Enterprise 600 M601
 No update required
 No update required

HP LaserJet Enterprise 600 M602
 No update required
 No update required

HP LaserJet Enterprise 600 M603
 No update required
 No update required

HP Color LaserJet CM1312 Multifunction Printer
 20111209 or later
 Code signing not available

HP LaserJet Pro CM1415 Color Multifunction Printer
 20111215 or later
 No update required

HP Color LaserJet CP1510
 20111209 or later
 Code signing not available

HP LaserJet M1522 Multifunction Printer
 20111212 or later
 Code signing not available

HP LaserJet Pro CP1525 Color Printer
 20111215 or later
 No update required

HP LaserJet Pro M1536 Multifunction Printer
 20111215 or later
 No update required

HP Color LaserJet CP2025
 20111208 or later
 Code signing not available

HP LaserJet P2035
 20111213 or later
 Code signing not available

HP LaserJet P2055
 20111214 or later
 Code signing not available

HP Color LaserJet CM2320 Multifunction Printer
 20111209 or later
 Code signing not available

HP LaserJet M2727 Multifunction Printer
 20111212 or later
 Code signing not available

HP Color LaserJet 3000
 No update required
 Code signing not available

HP LaserJet P3005
 No update required
 Code signing not available

HP LaserJet Enterprise P3015
 No update required
 20011213 07.130.0B or later

HP LaserJet M3027 Multifunction Printer
 No update required
 20111212 48.240.0B or later

HP LaserJet M3035
 No update required
 20111212 48.240.0B or later

HP Color LaserJet CP3505
 No update required
 Code signing not available

HP Color LaserJet CP3525
 No update required
 20111212 06.130.0B or later

HP Color LaserJet CM3530
 No update required
 20111213 53.170.1B or later

HP Color LaserJet 3800
 No update required
 Code signing not available

HP Color LaserJet CP4005
 No update required
 Code signing not available

HP LaserJet P4014
 No update required
 20111214 04.160.2B or later

HP LaserJet P4015
 No update required
 20111214 04.160.2B or later

HP LaserJet 4240
 No update required
 Code signing not available

HP LaserJet 4250
 No update required
 Code signing not available

HP LaserJet M4345 Multifunction Printer
 No update required
 20111212 48.240.0B or later

HP LaserJet 4350
 No update required
 Code signing not available

HP LaserJet P4515
 No update required
 20111214 04.160.2B or later

HP Color LaserJet Enterprise CP4525
 No update required
 20111213 07.110.2B or later

HP Color LaserJet Enterprise CM4540 Multifunction Printer
 No update required
 No update required

HP LaserJet Enterprise M4555 Multifunction Printer
 No update required
 No update required

HP Color LaserJet 4700
 No update required
 Code signing not available

HP Color LaserJet 4730 Multifunction Printer
 No update required
 Code signing not available

HP Color LaserJet CM4730 Multifunction Printer
 No update required
 20111212 50.220.1B or later

HP LaserJet M5025 Multifunction Printer
 No update required
 20111212 48.240.0B or later

HP LaserJet M5035 Multifunction Printer
 No update required
 20111212 48.240.0B or later

HP LaserJet 5200L
 No update required
 20111214 08.180.1B or later

HP LaserJet 5200N
 No update required
 20111214 08.180.1B or later

HP Color LaserJet Professional CP5225 Printer
 20111206 or later
 Code signing not available

HP Color LaserJet CP5525
 No update required
 No update required

HP Color LaserJet 5550
 No update required
 Code signing not available

HP Color LaserJet CP6015
 No update required
 20111212 04.150.0B or later

HP Color LaserJet CM6030
 No update required
 20111212 52.190.1B or later

HP Color LaserJet CM6040
 No update required
 20111212 52.190.1B or later

HP CM8060 Color Multifunction Printer with Edgeline
 No update required
 Code signing not available

HP LaserJet 9040
 No update required
 20111213 08.220.1B or later

HP LaserJet M9040 Multifunction Printer
 No update required
 20111212 51.190.1B or later

HP LaserJet 9050
 No update required
 20111213 08.220.1B or later

HP LaserJet M9050 Multifunction Printer
 No update required
 20111212 51.190.1B or later

HP 9200c Digital Sender
 No update required
 Code signing not available

HP 9250c Digital Sender
 No update required
 20111219 48.230.0B or later

HP Color LaserJet 9500
 No update required
 Code signing not available

How to Disable the Remote Firmware Update (RFU)

For instructions about how to disable the RFU please refer to the following 
document: Configuring Remote Firmware Update on HP Printers and Multifunction 
Devices

The document is available using ftp:

ftp.usa.hp.com
account: sb02728
password: Secure12

or

ftp://sb02728:Secure12@xxxxxxxxxxxxxx/

File name: Configuring Remote Firmware Update on HP Printing Devices.pdf

How to Download a Firmware Update

The table above contains links for required firmware updates. Firmware updates 
for any of the products can also be downloaded as follows.

Browse to www.hp.com/go/support then:

Select "Drivers & Software"
Enter the product name listed in the table above into the search field
Click on "Search"
If the search returns a list of products click on the appropriate product
Under "Select operating system" click on "Cross operating system (BIOS, 
Firmware, Diagnostics, etc.)"
If the "Cross operating system ..." link is not present, select any Windows 
operating system from the list.
Select the appropriate firmware update under "Firmware"

HISTORY
Version:1 (rev.1) - 30 November 2011 Initial release
Version:2 (rev.2) - 23 December 2011 Code signing firmware available
Version:3 (rev.3) - 9 January 2012 Combined tables

Third Party Security Patches: Third party security patches that are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security 
Bulletin, contact normal HP Services support channel.  For other issues about 
the content of this Security Bulletin, send e-mail to security-alert@xxxxxxx

Report: To report a potential security vulnerability with any HP supported 
product, send Email to: security-alert@xxxxxx

Subscribe: To initiate a subscription to receive future HP Security Bulletin 
alerts via Email: 
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, 
is contained in HP Security Notice HPSN-2011-001: 
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is 
available here: 
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the 
title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors 
or omissions contained herein. The information provided is provided "as is" 
without warranty of any kind. To the extent permitted by law, neither HP or its 
affiliates, subcontractors or suppliers will be liable for incidental,special 
or consequential damages including downtime cost; lost profits;damages relating 
to the procurement of substitute products or services; or damages for loss of 
data, or software restoration. The information in this document is subject to 
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard 
products referenced herein are trademarks of Hewlett-Packard Company in the 
United States and other countries. Other product and company names mentioned 
herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU
VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg
=mXzy
-----END PGP SIGNATURE-----
Prev by Date: [SECURITY] [DSA 2383-1] super security update
Next by Date: [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files
Previous by thread: [SECURITY] [DSA 2383-1] super security update
Next by thread: [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files
Index(es):
- Date
- Thread