SecurityTracker.com
Category:   Device (Printer)  >   HP Printer
Vendors:   HPE
HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code
SecurityTracker Alert ID:  1026357
SecurityTracker URL:  http://securitytracker.com/id/1026357
CVE Reference:   CVE-2011-4161
Updated:  Mar 19 2012
Original Entry Date:  Nov 29 2011
Impact:   Execution of arbitrary code via network, Root access via network
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code.

A remote user can send a specially crafted print job or specially crafted data to TCP port 9100 on the target printer to trigger an unspecified flaw and cause the printer to upgrade its firmware with arbitrary code. Some printers do not check digital signatures on firmware upgrades.

In some cases, the vulnerability can be exploited to cause the target printer's fuser to overheat and trip a thermal switch that shuts down the printer.

The following models are affected:

HP LaserJet Pro 100 color MFP M175
HP TopShot LaserJet Pro M275
HP LaserJet Pro 300 color M351
HP LaserJet Pro 300 color MFP M375
HP LaserJet Pro 400 color M451
HP LaserJet Pro 400 color MFP M475
HP LaserJet Enterprise 500 color M551
HP LaserJet Enterprise 600 M601
HP LaserJet Enterprise 600 M602
HP LaserJet Enterprise 600 M603
HP LaserJet Pro CP1025 Color Printer series
HP LaserJet Pro M1136 Multifunction Printer series
HP LaserJet Pro P1102 Printer series
HP Color LaserJet CP1210 Printer series
HP LaserJet Pro M1212nf Multifunction Printer series
HP Color LaserJet CM1312 Multifunction Printer
HP Color LaserJet CM1312nfi Multifunction Printer
HP LaserJet M1319 Multifunction Printer series
HP LaserJet Pro CM1415 Color Multifunction Printer
HP LaserJet P1500 Printer series
HP Color LaserJet CP1510 Printer series
HP LaserJet M1522 Multifunction Printer series
HP LaserJet Pro CP1525 Color Printer
HP LaserJet Pro M1536 Multifunction Printer
HP LaserJet Pro P1606dn Printer
HP Color LaserJet CP2025
HP LaserJet P2035 Printer series
HP LaserJet P2055 Printer series
HP Color LaserJet CM2320 Multifunction Printer series
HP LaserJet M2727 Multifunction Printer series
HP Color LaserJet 3000
HP LaserJet P3005
HP LaserJet Enterprise P3015
HP LaserJet M3027 Multifunction Printer
HP LaserJet M3035
HP Color LaserJet CP3505
HP Color LaserJet CP3525
HP Color LaserJet CM3530
HP Color LaserJet 3800
HP Color LaserJet CP4005
HP LaserJet P4014
HP LaserJet P4015
HP LaserJet 4240
HP LaserJet 4250
HP LaserJet M4345 Multifunction Printer
HP LaserJet 4350
HP LaserJet P4515
HP Color LaserJet Enterprise CP4525
HP Color LaserJet Enterprise CM4540 Multifunction Printer
HP LaserJet Enterprise M4555 Multifunction Printer
HP Color LaserJet 4700
HP Color LaserJet 4730 Multifunction Printer
HP Color LaserJet CM4730 Multifunction Printer
HP LaserJet M5025 Multifunction Printer
HP LaserJet M5035 Multifunction Printer
HP LaserJet 5200L
HP LaserJet 5200N
HP Color LaserJet Professional CP5225 Printer series
HP Color LaserJet CP5525
HP Color LaserJet 5550
HP Color LaserJet CP6015
HP Color LaserJet CM6030
HP Color LaserJet CM6040
HP CM8060 Color Multifunction Printer with Edgeline
HP LaserJet 9040
HP LaserJet M9040 Multifunction Printer
HP LaserJet 9050
HP LaserJet M9050 Multifunction Printer
HP 9200c Digital Sender
HP 9250c Digital Sender
HP Color LaserJet 9500

The original advisory is available at:

http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say

Salvatore Stolfo and Ang Cui of Columbia University reported this vulnerability.

Impact:   A remote user can upgrade the printer's firmware with arbitrary code.
Solution:   No solution was available at the time of this entry.

The vendor recommends disabling the 'Printer Firmware Update' feature as described at:

http://h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf

The vendor's advisory is available at:

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449

Vendor URL:  h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449
Cause:   Not specified

Message History:   None.

