You are here

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code

November 30, 2011 - 8:15am

Addthis

PROBLEM:

HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code .

PLATFORM:

HP LaserJet Printers manufactured prior to 2009

ABSTRACT

A remote user can upgrade the printer's firmware with arbitrary code.

referenceĀ  LINKS:

SecurityTracker Alert ID:1026357
HP Security for Imaging and Printing
HP Clarifies on Printer Security

IMPACT ASSESSMENT:

Low

Discussion:

A vulnerability was reported in some HP LaserJet Printers.
A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to the target printer to trigger an unspecified flaw and cause the printer to upgrade its firmware with arbitrary code. Printers manufactured prior to 2009 do not check digital signatures on firmware upgrades. In some cases, the vulnerability can be exploited to cause the target printer's fuser to overheat and trip a thermal switch to shutdown the printer.

Impact:

A remote user can upgrade the printer's firmware with arbitrary code.

Solution:

No solution was available at the time of this entry.

Addthis