HP Product Security Response TeamHP:C05388711HPSBPI03554 rev. 2 - Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, Denial of Service, possible execution of arbitrary code
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Potential Security Impact
Denial of Service, possible execution of arbitrary code
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service.
> note:
>
> This vulnerability was detected in specific versions of a 3rd party product that is embedded within some HP printers. This bulletin notifies HP customers about impacted products.
RESOLUTION
HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.
Product Name
|
Model
|
Firmware update version
β|β|β
HP PageWide Managed MFP P57750dw
|
J9V82A
J9V82B
J9V82C
J9V82D
|
1629F (or higher)
HP PageWide Managed P55250dw
|
J6U55A
J6U55B
J6U55C
J6U55D
|
1629F (or higher)
HP PageWide Pro MFP 577z
|
K9Z76A
K9Z76D
|
1629F (or higher)
HP PageWide Pro 552dw
|
D3Q17A
D3Q17C
D3Q17D
|
1629F (or higher)
HP PageWide Pro MFP 577dw
|
D3Q21A
D3Q21C
D3Q21D
|
1629F (or higher)
HP PageWide Pro MFP 477dw
|
D3Q20A
D3Q20B
D3Q20C
D3Q20D
|
1629F (or higher)
HP PageWide Pro 452dw
|
D3Q16A
D3Q16B
D3Q16C
D3Q16D
|
1629F (or higher)
HP PageWide Pro MFP 477dn
|
D3Q19A
D3Q19D
|
1629F (or higher)
HP PageWide Pro 452dn
|
D3Q15A
D3Q15B
D3Q15D
|
1629F (or higher)
HP PageWide MFP 377dw
|
J9V80A
J9V80B
|
1629F (or higher)
HP PageWide 352dw
|
J6U57B
|
1629F (or higher)
HP OfficeJet Pro 8710 All-in-One Printer
|
D9L18A
M9L66A
M9L67A
|
1644B (or higher)
HP OfficeJet Pro 8720 All-in-One Printer
|
D9L19A
M9L74A
M9L75A
|
1644B (or higher)
HP OfficeJet Pro 8730 All-in-One Printer
|
D9L20A
|
1644B (or higher)
HP OfficeJet Pro 8740 All-in-One Printer
|
D9L21A
|
1644B (or higher)
HP OfficeJet Pro 8711 All-in-One Printer
|
M9L68A
|
1644B (or higher)
HP OfficeJet Pro 8715 All-in-One Printer
|
J6X76A
J6X78A
J6X80A
K7S37A
M9L70A
|
1644B (or higher)
HP OfficeJet Pro 8716 All-in-One Printer
|
J6X77A
|
1644B (or higher)
HP OfficeJet Pro 8717 All-in-One Printer
|
K7S38A
|
1644B (or higher)
HP OfficeJet Pro 8718 All-in-One Printer
|
T0G47A
T0G48A
|
1644B (or higher)
HP OfficeJet Pro 8719 All-in-One Printer
|
T0G49A
|
1644B (or higher)
HP OfficeJet Pro 8725 All-in-One Printer
|
J7A28A
J7A31A
K7S34A
K7S35A
M9L80A
|
1644B (or higher)
HP OfficeJet Pro 8727 All-in-One Printer
|
K7S36A
|
1644B (or higher)
HP OfficeJet Pro 8728 All-in-One Printer
|
T0G54A
|
1644B (or higher)
HP OfficeJet Pro 8210 Printer
|
D9L63A
D9L64A
|
1617C (or higher)
HP OfficeJet Pro 8216 Printer
|
T0G70A
|
1617C (or higher)
HP OfficeJet Pro 8218 Printer
|
J3P68A
|
1617C (or higher)
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C