HPSBPI03610 rev. 1 - HP LaserJet Enterprise Printers, HP PageWide Enterprise Printers, HP LaserJet Managed Printers, HP OfficeJet Enterprise Printers, Execution of Arbitrary Code

Potential Security Impact

Execution of arbitrary code

VULNERABILITY SUMMARY

Insufficient solution bundle signature validation potentially allows execution of arbitrary code.

RESOLUTION

Perform the following two steps to mitigate the vulnerability.

Step 1: Update the printer firmware

Update firmware for impacted printers as indicated in the table below. To obtain the updated firmware, follow these steps:

1. Go to HP Software and Driver Downloads to find your printer software and driver webpage.

2. Scroll down and click Firmware from the category list.

3. Select the Download button to download the firmware.

> note:
>
> Some FutureSmart printers have two available firmware platforms - FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.

Step 2: Enable Extended Signature Verification

1. Open the printer EWS, click the General tab, click the Solution Installer page, then locate the Solution Verification Settings section.

2. Select the checkbox for Enable Extended Signature Verification.