Execution of arbitrary code.
Source: HP, HP Product Security Response Team (PSRT)
Solution application signature checking may allow potential execution of arbitrary code.
HP has provided firmware updates for impacted printers as indicated in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:
Select Support from the top of the page, and then select Software & drivers.
Click Printer, and then type the appropriate product name or model number from the table below into the search field.
Click Submit.
Scroll down and click Firmware from the category list.
Click Download for the appropriate firmware.
> note:
>
> Some FutureSmart printers have two available firmware platforms: FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.
Temporary Mitigation Settings:
The vulnerability can be prevented in the short term by either of the following actions:
Browse to the printer EWS, select the Security tab, and then set the password in the Local Administrator Password section.
Browse to the printer EWS, select the Security tab, and then disable the setting in the Firmware Upgrade Security section.
These recommendations are documented in HP Printing Security Best Practices for HP LaserJet Enterprise Printers.
See page 35 for EWS administrator password configuration.
See page 37 for Allow firmware upgrades sent as print jobs configuration.