You are here

U-117: Potential security vulnerability has been identified with certain HP printers and HP digital senders

March 5, 2012 - 7:00am

Addthis

PROBLEM:

The vulnerability could be exploited remotely to install unauthorized printer firmware.

PLATFORM:

Select HP printers and Digital Senders

ABSTRACT:

Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

reference LINKS:

Vendor Advisory
CVE-2011-4161
Previous JC3 Advisory Bulletin

IMPACT ASSESSMENT:

High

Discussion:

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. Original CVE

Impact:

Denial of Service

Solution:

Firmware updates are available at HP Support Page

Addthis