Lucene search

K
hpHP Product Security Response TeamHP:C04468293
HistorySep 30, 2014 - 12:00 a.m.

HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

2014-09-3000:00:00
HP Product Security Response Team
support.hp.com
56

EPSS

0.974

Percentile

99.9%

Potential Security Impact

Remote code execution

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as “ShellShock” which could be exploited remotely to allow execution of code.

> note:
>
> Only the HP DreamColor Z27x model is vulnerable.

RESOLUTION

HP is actively working to address this vulnerability for the impacted product versions of HP DreamColor Z27x Professional Display. The display provides calibration and remote management functionality running on embedded Linux, which includes a bash shell. The shell is not accessible via the standard calibration or remote management interfaces.

This bulletin will be revised when the firmware update is released.