HP Product Security Response TeamHP:C05949322HPSBPI03580 rev. 2 - Cross Site Request Forgery Vulnerability for Certain HP Enterprise and PageWide Printers
0.001 Low
EPSS
Percentile
31.8%
Potential Security Impact
Elevation of Privilege.
Reported by: Mohamed Abdelbaset Elnoby
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP Enterprise and PageWide printers and MFPs. This vulnerability is known as Cross Site Request Forgery and could potentially be exploited remotely to allow elevation of privilege.
RESOLUTION
HP has provided firmware updates for potentially impacted printers in the table below.
To obtain the updated firmware, go to HP Software and Driver Downloads and search for your printer model.
> note:
>
> Some FutureSmart printers have multiple firmware platforms - FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.
> note:
>
> For firmware marked with *, please Contact HP Support to obtain the firmware update.
Product Name
|
Model Number
|
Firmware Revision
—|—|—
HP Color LaserJet 500 Color Flow MFP M575
|
CD646A
|
FS3: 2308974_579774 (or higher)
FS4: 2405135_000409 (or higher)
HP Color LaserJet CM4540 MFP
|
CC419A, CC420A, CC421A
|
FS3: 2308974_579754 (or higher)
HP Color LaserJet CP5525
|
CE707A, CE708A, CE709A
|
FS3: 2308974_579753 (or higher)
HP Color LaserJet Enterprise Flow MFP M577
|
B5L48A, B5L54A
|
FS3: 2308974_579760 (or higher)
FS4: 2405129_000038 (or higher)
HP Color LaserJet Enterprise Flow MFP M680
|
CZ250A, CA251A
|
FS3: 2308974_579771 (or higher)
FS4: 2405129_000042 (or higher)
HP Color LaserJet Enterprise Flow MFP M681f
|
J8A12A, J8A13A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Enterprise Flow MFP M682
|
J8A17A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Enterprise Flow MFP M880
|
A2W76A, A2W75A, D7P70A, D7P71A, D7P68A
|
FS3: 2308974_579767 (or higher)
FS4: 2405129_000054 (or higher)
HP Color LaserJet Enterprise M552
|
B5L23A
|
FS3: 2308974_579763 (or higher)
HP Color LaserJet Enterprise M553
|
B5L24A, B5L25A, B5L26A
|
FS3: 2308974_579763 (or higher)
FS4: 2405129_000056 (or higher) *
HP Color LaserJet Enterprise M652
|
J7Z98A, J7Z99A
|
FS4: 2405130_000068 (or higher)
HP Color LaserJet Enterprise M653
|
J8A04A, J8A05A, J8A06A
|
FS4: 2405130_000068 (or higher)
HP Color LaserJet Enterprise M750
|
D3L08A, D3L09A, D3L10A
|
FS3: 2308974_579776 (or higher)
HP Color LaserJet Enterprise M855
|
A2W77A, A2W78A, A2W79A, D7P73A
|
FS3: 2308974_579768 (or higher)
FS4: 2405129_000057 (or higher)
HP Color LaserJet Enterprise MFP M577
|
B5L46A, B5L47A
|
FS3: 2308974_579760 (or higher)
FS4: 2405129_000038 (or higher)
HP Color LaserJet Enterprise MFP M680
|
CZ248A, CZ249A
|
FS3: 2308974_579771 (or higher)
FS4: 2405129_000042 (or higher)
HP Color LaserJet Enterprise MFP M681
|
J8A10A, J8A11A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Enterprise MFP M682
|
J8A16A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Managed E65050
|
L3U55A
|
FS4: 2405130_000068 (or higher)
HP Color LaserJet Managed E65060
|
L3U56A, L3U57A
|
FS4: 2405130_000068 (or higher)
HP Color LaserJet Managed Flow MFP E67550
|
L3U67A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Managed Flow MFP E67560
|
L3U70A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Managed Flow MFP M575
|
L3U45A
|
FS3: 2308974_579774 (or higher)
FS4: 2405135_000409 (or higher)
HP Color LaserJet Managed Flow MFP M577
|
B5L50A
|
FS3: 2308974_579760 (or higher)
FS4: 2405129_000038 (or higher)
HP Color LaserJet Managed Flow MFP M680
|
L3U48A
|
FS3: 2308974_579771 (or higher)
FS4: 2405129_000042 (or higher)
HP Color LaserJet Managed M553
|
B5L39A
|
FS3: 2308974_579763 (or higher)
FS4: 2405129_000056 (or higher) *
HP Color LaserJet Managed M651
|
H0DC9A, L8Z07A
|
FS3: 2308974_579770 (or higher)
FS4: 2405129_000047 (or higher)
HP Color LaserJet Managed MFP E67550d
|
L3U66A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Managed MFP E67560d
|
L3U69A
|
FS4: 2405129_000037 (or higher)
HP Color LaserJet Managed MFP E77822
|
X3A78A, X3A77A, Z8Z00A, Z8Z01A
|
FS4: 2405347_024820 (or higher)
HP Color LaserJet Managed MFP E77825
|
X3A81A, X3A80A, Z8Z02A, Z8Z03A
|
FS4: 2405347_024820 (or higher)
HP Color LaserJet Managed MFP E77830
|
X3A84A, X3A83A, Z8Z05A, Z8Z04A
|
FS4: 2405347_024820 (or higher)
HP Color LaserJet Managed MFP E87640
|
X3A87A, X3A86A, Z8Z12A, Z8Z13A
|
FS4: 2405347_024814 (or higher)
HP Color LaserJet Managed MFP E87650
|
X3A90A, X3A89A, Z8Z14A, Z8Z15A
|
FS4: 2405347_024814 (or higher)
HP Color LaserJet Managed MFP E87660
|
X3A92A, X3A93A, Z8Z16A, Z8Z17A
|
FS4: 2405347_024814 (or higher)
HP Color LaserJet Managed MFP M577
|
B5L49A
|
FS3: 2308974_579760 (or higher)
FS4: 2405129_000038 (or higher)
HP Color LaserJet Managed MFP M680
|
L3U47A
|
FS3: 2308974_579771 (or higher)
FS4: 2405129_000042 (or higher)
HP Color LaserJet Managed MFP M775
|
L3U49A, L3U50A
|
FS3: 2308974_579779 (or higher)
FS4: 2405135_000405 (or higher)
HP Color LaserJet Managed MFP M880
|
L3U51A, L3U52A, L3U65A
|
FS3: 2308974_579767 (or higher)
FS4: 2405129_000054 (or higher)
HP Digital Sender Flow 8500 fn2 Document Capture Workstation
|
L2762A
|
FS4: 2405087_018553 (or higher)
HP LaserJet Enterprise 600 M601
|
CE989A, CE990A
|
FS3: 2308974_579777 (or higher)
HP LaserJet Enterprise 600 M602
|
CE991A, CE992A, CE993A
|
FS3: 2308974_579777 (or higher)
HP LaserJet Enterprise 600 M603xh
|
CE994A, CE995A, CE996A
|
FS3: 2308974_579777 (or higher)
HP LaserJet Enterprise 700 color MFP M775
|
CC522A, CC523A, CC524A
|
FS3: 2308974_579779 (or higher)
FS4: 2405135_000405 (or higher)
HP LaserJet Enterprise Color MFP M575
|
CD644A, CD645A
|
FS3: 2308974_579774 (or higher)
FS4: 2405135_000409 (or higher)
HP LaserJet Enterprise flow MFP M525
|
CF118A
|
FS3: 2308974_579765 (or higher)
FS4: 2405129_000048 (or higher)
HP LaserJet Enterprise Flow MFP M527
|
F2A78V
|
FS3: 2308974_579761 (or higher)
FS4: 2405129_000039 (or higher)
HP LaserJet Enterprise Flow MFP M630
|
P7Z47A, B3G86A
|
FS3: 2308974_579755 (or higher)
FS4: 2405129_000040 (or higher)
HP LaserJet Enterprise Flow MFP M830z
|
CF367A, D7P68A
|
FS3: 2308974_579769 (or higher)
FS4: 2405129_000060 (or higher)
HP LaserJet Enterprise M4555 MFP
|
CE503A, CE504A, CE738A
|
FS3: 2308974_579757 (or higher)
HP LaserJet Enterprise M506
|
F2A70A, F2A71A
|
FS3: 2308974_579764 (or higher)
FS4: 2405129_000052 (or higher) *
HP LaserJet Enterprise M604
|
E6B67A, E6B68A
|
FS3: 2308974_579762 (or higher)
FS4: 2405129_000046 (or higher) *
HP LaserJet Enterprise M605
|
E6B69A, E6B70A. E6B71A
|
FS3: 2308974_579762 (or higher)
FS4: 2405129_000046 (or higher) *
HP LaserJet Enterprise M606
|
E6B72A, E6B73A
|
FS3: 2308974_579762 (or higher)
FS4: 2405129_000046 (or higher) *
HP LaserJet Enterprise M607
|
K0Q14A, K0Q15A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Enterprise M608
|
K0Q17A, K0Q18A, M0P32A, K0Q19A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Enterprise M609
|
K0Q20A, K0Q21A, K0Q22A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Enterprise M806
|
CZ244A, CZ245A
|
FS3: 2308974_579772 (or higher)
FS4: 2405129_000059 (or higher)
HP LaserJet Enterprise Managed Flow MFP M527
|
F2A80A
|
FS3: 2308974_579761 (or higher)
FS4: 2405129_000039 (or higher)
HP LaserJet Enterprise Managed MFP M527
|
F2A79A
|
FS3: 2308974_579761 (or higher)
FS4: 2405129_000039 (or higher)
HP LaserJet Enterprise Managed MFP M575
|
L3U46A
|
FS3: 2308974_579774 (or higher)
FS4: 2405135_000409 (or higher)
HP LaserJet Enterprise MFP M525
|
CF116A, CF117A
|
FS3: 2308974_579765 (or higher)
FS4: 2405129_000048 (or higher)
HP LaserJet Enterprise MFP M527
|
F2A76A, F2A77A, F2A81A
|
FS3: 2308974_579761 (or higher)
FS4: 2405129_000039 (or higher)
HP LaserJet Enterprise MFP M630
|
B3G85A, J7X28A, B3G84A
|
FS3: 2308974_579755 (or higher)
FS4: 2405129_000040 (or higher)
HP LaserJet Enterprise MFP M631
|
J8J64A, J8J63A, J8J65A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Enterprise MFP M632
|
J8J70A, J8J71A, J8J72A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Enterprise MFP M633
|
J8J76A, J8J78A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Enterprise MFP M725
|
CF066A, CF067A, CF068A, CF069A
|
FS3: 2308974_579773 (or higher)
FS4: 2405129_000058 (or higher)
HP LaserJet Managed E60055
|
M0P33A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Managed E60065
|
M0P35A, M0P36A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Managed E60075
|
M0P39A, M0P40A
|
FS4: 2405130_000069 (or higher)
HP LaserJet Managed Flow MFP E62555dn
|
J8J67A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Managed Flow MFP E62565h, z
|
J8J74A, J8J79A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Managed Flow MFP E62575z
|
J8J80A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Managed Flow MFP M630
|
L3U62A, P7Z48A
|
FS3: 2308974_579755 (or higher)
FS4: 2405129_000040 (or higher)
HP LaserJet Managed Flow MFP M830
|
L3U65A
|
FS3: 2308974_579769 (or higher)
FS4: 2405129_000060 (or higher)
HP LaserJet Managed M506
|
F2A67A
|
FS3: 2308974_579764 (or higher)
FS4: 2405129_000052 (or higher) *
HP LaserJet Managed MFP 725
|
L3U63A, L3U64A
|
FS3: 2308974_579773 (or higher)
FS4: 2405129_000058 (or higher)
HP LaserJet Managed MFP E62555dn
|
J8J66A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Managed MFP E62565hs
|
J8J73A
|
FS4: 2405129_000041 (or higher)
HP LaserJet Managed MFP E72525
|
X3A59A, X3A60A, Z8Z06A, Z8Z07A
|
FS4: 2405347_024821 (or higher)
HP LaserJet Managed MFP E72530
|
X3A62A, X3A63, Z8Z09A, Z8Z08A
|
FS4: 2405347_024821 (or higher)
HP LaserJet Managed MFP E72535
|
X3A65, X3A66A, Z8Z11A, Z8Z10A
|
FS4: 2405347_024821 (or higher)
HP LaserJet Managed MFP E82540
|
X3A69A, X3A68A, Z8Z19A, Z8Z18A
|
FS4: 2405347_024815 (or higher)
HP LaserJet Managed MFP E82550
|
X3A72A, X3A71A, Z8Z21A, Z8Z20A
|
FS4: 2405347_024815 (or higher)
HP LaserJet Managed MFP E82560
|
X3A79A, Z8Z23A, Z8Z22A, X3A75A, X3A74A
|
FS4: 2405347_024815 (or higher)
HP LaserJet Managed MFP M525
|
L3U59A , L3U60A
|
FS3: 2308974_579765 (or higher)
FS4: 2405129_000048 (or higher)
HP LaserJet Managed MFP M630
|
L3U61A
|
FS3: 2308974_579755 (or higher)
FS4: 2405129_000040 (or higher)
HP OfficeJet Enterprise Color Flow MFP X585
|
B5L06A, B5L07A
|
FS3: 2308974_579759 (or higher)
FS4: 2405129_000050 (or higher)
HP OfficeJet Enterprise Color MFP X585
|
B5L04A, B5L05A
|
FS3: 2308974_579759 (or higher)
FS4: 2405129_000050 (or higher)
HP OfficeJet Enterprise Color X555
|
C2S11A, C2S11V, C2S12A, C2S12V, L1H45A
|
FS3: 2308974_579758 (or higher)
FS4: 2405129_000055 (or higher)
HP OfficeJet Managed Color MFP X585
|
L3U40A, L3U41A
|
FS3: 2308974_579759 (or higher)
FS4: 2405129_000050 (or higher)
HP PageWide Enterprise Color 556
|
G1W46A, G1W46V, G1W47A, G1W47V, L3U44A
|
FS3: 2308974_579766 (or higher)
FS4: 2405129_000051 (or higher)
HP PageWide Enterprise Color 765
|
J7Z04A
|
FS4: 2405087_018564 (or higher)
HP PageWide Enterprise Color Flow MFP 586
|
G1W41A, G1W41V
|
FS3: 2308974_579780 (or higher)
FS4: 2405129_000066 (or higher)
HP PageWide Enterprise Color MFP 586
|
G1W39A, G1W39V, G1W40A, G1W40V
|
FS3: 2308974_579780 (or higher)
FS4: 2405129_000066 (or higher)
HP PageWide Managed Color E55650
|
L3U44A
|
FS3: 2308974_579766 (or higher)
FS4: 2405135_000394 (or higher)
HP PageWide Managed Color E75160
|
J7Z06A
|
FS4: 2405087_018564 (or higher)
HP PageWide Managed Color MFP E58650
|
L3U42A
|
FS3: 2308974_579780 (or higher)
FS4: 2405129_000066 (or higher)
HP PageWide Managed Color MFP Flow E58650
|
L3U43A
|
FS3: 2308974_579780 (or higher)
FS4: 2405129_000066 (or higher)
HP Scanjet Enterprise 8500 Document Capture Workstation
|
L2717A
|
FS3: 2308974_579756 (or higher)
HP Scanjet N9120 fn2 Digital Sender
|
L2683A
|
FS4: 2405087_018552 (or higher)
Related
