CVSS2 base score: 10 (High)

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS score: 0.272 (Low); EPSS percentile: 96.8%
A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system.
Certain Hewlett-Packard Printers and Hewlett-Packard Digital Senders products allow the device’s firmware to be updated over the network. The firmware update process can be accomplished via port 9100/tcp and does not require authentication. As a result, a remote attacker could perform unauthorized modification of the device’s firmware.
Hewlett-Packard notes that the remote firmware update feature is enabled by default on affected systems. The list of affected devices can be found in HP Security Bulletin HPSBPI02728 SSRT100692, and includes many varieties of the HP LaserJet and Color LaserJet products.
A remote unauthenticated attacker could install malicious firmware on an affected device. This malicious firmware could allow the attacker to take control of the affected device, gain access to sensitive information sent to or from the device, or cause a denial of service (e.g., through malfunction of the device).
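The note states that the firmware update path is reached over 9100/tcp with no authentication, so the session that carries an unauthorized update looks, at the network layer, like any other raw-print connection. The script below is an added example (not from the CERT note, HP, or the referenced bulletin): it reads constructed firewall log lines and reports every TCP session to port 9100 on an inventoried printer whose source is not an approved print server. The log format, the printer and print-server addresses, and the allowlist are all constructed placeholders for the example; a real deployment would substitute its own inventory and log parser.

```python
"""
Added example (not part of CERT VU#717921 or any HP material): flag TCP
sessions to port 9100 on known printers that did not originate from an
approved print server.

Assumptions (constructed for this example): a syslog-like firewall line
format, placeholder printer and print-server addresses, and an allowlist
that reflects the local print path (workstations -> print server -> printer).
"""
import re
from dataclasses import dataclass

RAW_PRINT_PORT = 9100  # port named in the note for the unauthenticated update path

# Constructed inventory: printers that expose the raw-print port.
PRINTERS = {"10.0.20.11", "10.0.20.12"}
# Constructed allowlist: the only hosts expected to open 9100/tcp to a printer.
PRINT_SERVERS = {"10.0.5.10"}

# Constructed log format: "<ts> fw <ACCEPT|DROP> proto=<p> src=<ip>:<port> dst=<ip>:<port> bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>ACCEPT|DROP) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"bytes=(?P<bytes>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dst: str
    bytes_sent: int
    reason: str


def parse_line(line):
    """Parse one constructed firewall line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "bytes"):
        rec[key] = int(rec[key])
    return rec


def audit(lines, printers=PRINTERS, print_servers=PRINT_SERVERS):
    """Return a Finding for each 9100/tcp session to a printer from a non-allowlisted source."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line
        if rec["proto"].lower() != "tcp" or rec["dport"] != RAW_PRINT_PORT:
            continue  # not the raw-print/firmware-update port
        if rec["dst"] not in printers:
            continue  # destination is not an inventoried printer
        if rec["src"] in print_servers:
            continue  # expected print path
        if rec["action"] == "ACCEPT":
            reason = "accepted 9100/tcp session from unapproved source"
        else:
            reason = "blocked 9100/tcp attempt from unapproved source"
        findings.append(Finding(rec["ts"], rec["src"], rec["dst"], rec["bytes"], reason))
    return findings


# Constructed sample log: one legitimate print-server session, one accepted
# session from a workstation, one blocked attempt from outside, plus noise.
SAMPLE_LOG = [
    "2011-12-01T10:00:01Z fw ACCEPT proto=tcp src=10.0.5.10:49152 dst=10.0.20.11:9100 bytes=184320",
    "2011-12-01T10:02:13Z fw ACCEPT proto=tcp src=10.0.7.55:51022 dst=10.0.20.11:9100 bytes=7340032",
    "2011-12-01T10:03:40Z fw DROP proto=tcp src=198.51.100.23:40001 dst=10.0.20.12:9100 bytes=0",
    "2011-12-01T10:04:02Z fw ACCEPT proto=tcp src=10.0.7.55:51030 dst=10.0.20.11:80 bytes=2048",
    "2011-12-01T10:05:00Z fw ACCEPT proto=udp src=10.0.7.55:161 dst=10.0.20.11:9100 bytes=300",
    "this line is not a firewall record",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src} -> {f.dst} ({f.bytes_sent} bytes): {f.reason}")
```

Run against the constructed sample, the audit reports the workstation session and the blocked external attempt and stays silent on the print-server session, the port-80 connection and the UDP record. This only surfaces unexpected use of the port; the fix the note recommends is to disable the remote firmware update feature per HP's guidance, and restricting who can reach 9100/tcp is a complement to that, not a substitute.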
Disable Remote Firmware Update
HP has published guidance about securely configuring printers, including instructions about disabling the firmware update feature, in “HP Imaging and Printing Security Best Practices - Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs”.
Users are encouraged to review this document and take the appropriate actions to disable the firmware update feature.
Vendor Information (717921)
Updated: December 08, 2011
Statement Date: November 30, 2011
Status: Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector
---|---|---
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal | 8.3 | E:F/RL:OF/RC:C
Environmental | 6.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
This document was written by Chad Dougherty.
Field | Value
---|---
CVE IDs | CVE-2011-4161
Date Public | 2011-11-29
Date First Published | 
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449&jumpid=em_alerts_us-us_Dec11_xbu_all_all_1514802_101529_printersandmultifunctionscanners-copiers-faxes_critical_000_0
h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03102449-6
h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf
ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf