Lucene search
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.HP_LASERJET_HPSBPI03107.NASLHistoryOct 09, 2014 - 12:00 a.m.
HP Printers Security Bypass (HPSBPI03107)
2014-10-0900:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
608
The remote HP printer is affected by a security bypass vulnerability.
The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. This could be leveraged for a man-in-the-middle attack.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(78110);
script_version("1.7");
script_cvs_date("Date: 2019/11/25");
script_cve_id("CVE-2014-0224");
script_bugtraq_id(67899);
script_xref(name:"CERT", value:"978508");
script_xref(name:"HP", value:"emr_na-c04451722");
script_xref(name:"HP", value:"HPSBPI03107");
script_name(english:"HP Printers Security Bypass (HPSBPI03107)");
script_summary(english:"Checks the firmware datecode.");
script_set_attribute(attribute:"synopsis", value:
"The remote printer is affected by a security bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote HP printer is affected by a security bypass vulnerability.
The included OpenSSL library has a security bypass flaw in the
handshake process. By using a specially crafted handshake, a remote
attacker can force the use of weak keying material. This could be
leveraged for a man-in-the-middle attack.");
# https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04451722
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f055628e");
script_set_attribute(attribute:"solution", value:
"Upgrade the firmware in accordance with the vendor's advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0224");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/03");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/09");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:hp:laserjet");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("hp_pjl_version.nbin", "hp_laserjet_detect.nasl");
script_require_ports("www/hp_laserjet/pname", "pjl/model");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Remove and fix words in the printer's name that don't match the list
# on the Web site (designed to reduce false negatives). Also convert the
# name to uppercase and remove spaces to make it as unlikely as possible that
# we miss anything.
function normalize_model(model)
{
local_var series_to_remove, series, words_to_remove, word;
model = toupper(model);
#Remove any the generic series number from product name
series_to_remove = make_list(' 100 ', ' 300 ', ' 400 ', ' 500 ', ' 600 ', ' 700 ');
foreach series(series_to_remove)
model = str_replace(string:model, find:series, replace:' ');
words_to_remove = make_list( 'COLOR', 'EDGELINE', 'ENTERPRISE', 'FLOW', 'HP', 'HOTSPOT', 'LASERJET', 'MFP', 'MULTIFUNCTION', 'PRINTER', 'PROFESSIONAL', 'PRO', 'SERIES', 'SCANJET', 'TOPSHOT', 'WITH', 'ALL', 'IN', 'ONE', 'DIGITAL', 'SENDER', '-', 'FN1', 'DOCUMENT', 'CAPTURE', 'WORKSTATION' );
foreach word(words_to_remove)
model = str_replace(string:model, find:word, replace:'');
model = str_replace(string:model, find:' ', replace:'');
return model;
}
port = get_service(svc:"jetdirect", exit_on_fail:TRUE);
model = get_kb_item('pjl/model');
if (!model) model = get_kb_item('www/hp_laserjet/pname');
if (!model) exit(1, "Failed to get the HP model number.");
firmware = int(get_kb_item('pjl/firmware'));
if (!firmware) firmware = int(get_kb_item('www/hp_laserjet/fw'));
if (!firmware) exit(1, "Failed to get the HP firmware version.");
serial = get_kb_item('www/hp_laserjet/serial');
if (!serial) serial = get_kb_item('pjl/serial');
if (!serial) serial = "unknown";
# From support.hp.com searches
signing_firmware = make_array(
#"HP LaserJet 400 MFP M425dn", 20140731, # <---- uncomment for testing
"HP Color LaserJet CM4540 MFP", 20140731,
"HP Color LaserJet CM4540f MFP", 20140731,
"HP Color LaserJet CM4540fskm MFP", 20140731,
"HP Color LaserJet CP5525n", 20140731,
"HP Color LaserJet CP5525dn", 20140731,
"HP Color LaserJet CP5525xh", 20140731,
"HP Color LaserJet Enterprise M750n", 20140731,
"HP Color LaserJet Enterprise M750dn", 20140731,
"HP Color LaserJet Enterprise M750xh", 20140731,
"HP Color LaserJet M651n", 20140731,
"HP Color LaserJet M651dn", 20140731,
"HP Color LaserJet M651xh", 20140731,
"HP Color LaserJet M680f", 20140731,
"HP Color LaserJet M680dn", 20140731,
"HP Color LaserJet Flow M680z", 20140731,
"HP LaserJet Enterprise 500 color MFP M575f", 20140731,
"HP LaserJet Enterprise 500 color MFP M575dn", 20140731,
"HP LaserJet Enterprise 500 MFP M525f", 20140731,
"HP LaserJet Enterprise 500 MFP M525dn", 20140731,
"HP LaserJet Enterprise 600 M601n", 20140731,
"HP LaserJet Enterprise 600 M601dn", 20140731,
"HP LaserJet Enterprise 600 M602n", 20140731,
"HP LaserJet Enterprise 600 M602dn", 20140731,
"HP LaserJet Enterprise 600 M602x", 20140731,
"HP LaserJet Enterprise 600 M603n", 20140731,
"HP LaserJet Enterprise 600 M603dn", 20140731,
"HP LaserJet Enterprise 600 M603xh", 20140731,
"HP LaserJet Enterprise MFP M630dn", 20140731,
"HP LaserJet Enterprise MFP M630f", 20140731,
"HP LaserJet Enterprise MFP M630h", 20140731,
"HP LaserJet Enterprise Flow MFP M630z", 20140731,
"HP LaserJet Enterprise 700 color M775dn", 20140731,
"HP LaserJet Enterprise 700 color M775f", 20140731,
"HP LaserJet Enterprise 700 color M775z", 20140731,
"HP LaserJet Enterprise 700 color M775z+", 20140731,
"HP LaserJet Enterprise 700 M712n", 20140731,
"HP LaserJet Enterprise 700 M712dn", 20140731,
"HP LaserJet Enterprise 700 M712xh", 20140731,
"HP LaserJet Enterprise 800 color M855dn", 20140731,
"HP LaserJet Enterprise 800 color M855xh", 20140731,
"HP LaserJet Enterprise 800 color M855x+", 20140731,
"HP LaserJet Enterprise 800 color MFP M880z", 20140731,
"HP LaserJet Enterprise 800 color MFP M880z+", 20140731,
"HP LaserJet Enterprise Color 500 M551n", 20140731,
"HP LaserJet Enterprise Color 500 M551dn", 20140731,
"HP LaserJet Enterprise Color 500 M551xh", 20140731,
"HP LaserJet Enterprise color flow MFP M575c", 20140731,
"HP LaserJet Enterprise flow M830z Multifunction Printer", 20140731,
"HP LaserJet Enterprise flow MFP M525c", 20140731,
"HP LaserJet Enterprise M4555 MFP", 20140731,
"HP LaserJet Enterprise M4555f MFP", 20140731,
"HP LaserJet Enterprise M4555fskm MFP", 20140731,
"HP LaserJet Enterprise M4555h MFP", 20140731,
"HP LaserJet Enterprise M806dn", 20140731,
"HP LaserJet Enterprise M806x+", 20140731,
"HP LaserJet Enterprise MFP M725dn", 20140731,
"HP LaserJet Enterprise MFP M725z+", 20140731,
"HP LaserJet Enterprise MFP M725z", 20140731,
"HP LaserJet Enterprise MFP M725f", 20140731,
"HP Scanjet Enterprise 8500 fn1 Document Capture Workstation", 20140731,
"HP Color LaserJet CP3525", 20140722,
"HP Color LaserJet CP3525n", 20140722,
"HP Color LaserJet CP3525x", 20140722,
"HP Color LaserJet CP3525dn", 20140722,
"HP LaserJet M4345 Multifunction Printer", 20140722,
"HP LaserJet M4345x Multifunction Printer", 20140722,
"HP LaserJet M4345xm Multifunction Printer", 20140722,
"HP LaserJet M4345xs Multifunction Printer", 20140722,
"HP LaserJet M5025 Multifunction Printer", 20140722,
"HP Color LaserJet CM6040 Multifunction Printer", 20140723,
"HP Color LaserJet CM6040f Multifunction Printer", 20140723,
"HP Color LaserJet Enterprise CP4525n", 20140725,
"HP Color LaserJet Enterprise CP4525dn", 20140725,
"HP Color LaserJet Enterprise CP4525xh", 20140725,
"HP Color LaserJet Enterprise CP4025n Printer", 20140725,
"HP Color LaserJet Enterprise CP4025dn Printer", 20140725,
"HP LaserJet M5035 Multifunction Printer", 20140722,
"HP LaserJet M5035x Multifunction Printer", 20140722,
"HP LaserJet M5035xs Multifunction Printer", 20140722,
"HP LaserJet M9050 Multifunction Printer", 20140722,
"HP LaserJet M9040 Multifunction Printer", 20140722,
"HP Color LaserJet CM4730 Multifunction Printer", 20140723,
"HP Color LaserJet CM4730f Multifunction Printer", 20140723,
"HP Color LaserJet CM4730fsk Multifunction Printer", 20140723,
"HP Color LaserJet CM4730fm Multifunction Printer", 20140723,
"HP LaserJet M3035 Multifunction Printer", 20140722,
"HP LaserJet M3035xs Multifunction Printer", 20140722,
"HP 9250c Digital Sender", 20140723,
"HP LaserJet Enterprise P3015 Printer", 20140723,
"HP LaserJet Enterprise P3015d Printer", 20140723,
"HP LaserJet Enterprise P3015n Printer", 20140723,
"HP LaserJet Enterprise P3015dn Printer", 20140723,
"HP LaserJet Enterprise P3015x Printer", 20140723,
"HP LaserJet M3027 Multifunction Printer", 20140722,
"HP LaserJet M3027x Multifunction Printer", 20140722,
"HP LaserJet CM3530 Multifunction Printer", 20140722,
"HP LaserJet CM3530fs Multifunction Printer", 20140722,
"HP Color LaserJet CP6015dn Printer", 20140725,
"HP Color LaserJet CP6015n Printer", 20140725,
"HP Color LaserJet CP6015x Printer", 20140725,
"HP Color LaserJet CP6015xh Printer", 20140725,
"HP Color LaserJet CP6015de Printer", 20140725,
"HP LaserJet P4515n Printer", 20140723,
"HP LaserJet P4515tn Printer", 20140723,
"HP LaserJet P4515x Printer", 20140723,
"HP LaserJet P4515xm Printer", 20140723,
"HP Color LaserJet CM6030 Multifunction Printer", 20140723,
"HP Color LaserJet CM6030f Multifunction Printer", 20140723,
"HP LaserJet P4015n Printer", 20140723,
"HP LaserJet P4015dn Printer", 20140723,
"HP LaserJet P4015x Printer", 20140723,
"HP LaserJet P4015tn Printer", 20140723,
"HP LaserJet P4014 Printer", 20140723,
"HP LaserJet P4014n Printer", 20140723,
"HP LaserJet P4014dn Printer", 20140723
);
# Normalize the names of the models (to make it possible to look them up)
fixed_signing_firmware = make_array();
foreach f(keys(signing_firmware))
{
fixed_signing_firmware[normalize_model(model:f)] = signing_firmware[f];
}
signing_firmware = fixed_signing_firmware;
# Figure out which firmware update the printer requires
model_norm = normalize_model(model:model);
update = signing_firmware[model_norm];
# If we didn't find it in the list, this plugin doesn't apply
if (isnull(update)) exit(0, "This printer model (" + model + ") does not appear to be affected.");
# Check if the firmware version is vulnerable
if (firmware < update)
{
if (report_verbosity > 0)
security_warning(
port:port,
extra:
'\n Model : ' + model +
'\n Serial number : ' + serial +
'\n Installed version : ' + firmware +
'\n Fixed version : ' + update +
'\n'
);
else security_warning(port);
exit(0);
}
audit(AUDIT_HOST_NOT, 'affected since firmware version ' + firmware + ' is installed');
Related
threatpost
threatpost
SSL Pulse Scans Quantify Vulnerable OpenSSL Servers
2014-06-13 14:05:55
New OpenSSL MITM Flaw Affects All Clients, Some Server Versions
2014-06-05 09:30:06
openvas
openvas
Oracle Linux Local Check: ELSA-2014-0624
2015-10-06 00:00:00
CentOS Update for openssl098e CESA-2014:0626 centos6
2014-06-09 00:00:00
Junos SSL/TLS MITM Vulnerability
2015-01-23 00:00:00
nessus
nessus
Blue Coat ProxySG 4.x OpenSSL Security Bypass
2014-06-20 00:00:00
Blue Coat ProxySG 6.2.x OpenSSL Security Bypass
2014-06-20 00:00:00
RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)
2014-11-08 00:00:00
ibm
ibm
arista
arista
Security Advisory 0005
2014-06-09 00:00:00
nodejsblog
nodejsblog
OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)
2014-06-16 00:00:00
centos
centos
openssl security update
2014-06-06 01:40:21
openssl097a, openssl098e security update
2014-06-05 13:21:51
cert
cert
OpenSSL is vulnerable to a man-in-the-middle attack
2014-06-05 00:00:00
amazon
amazon
Important: openssl098e
2014-06-05 15:38:00
Important: openssl097a
2014-06-05 15:38:00
thn
thn
Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw
2014-06-26 21:22:00
jvn
jvn
JVN#61247051: OpenSSL improper handling of Change Cipher Spec message
2014-06-06 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)
2014-06-09 00:00:00
checkpoint_security
checkpoint_security
SSL/TLS MITM vulnerability (CVE-2014-0224)
2014-06-05 21:00:00
oraclelinux
oraclelinux
openssl security update
2014-06-05 00:00:00
openssl098e security update
2014-07-23 00:00:00
openssl security update
2014-06-11 00:00:00
redhat
redhat
(RHSA-2014:0627) Important: openssl security update
2014-06-05 00:00:00
(RHSA-2014:0624) Important: openssl security update
2014-06-05 00:00:00
f5
f5
K15325 : OpenSSL vulnerability CVE-2014-0224
2015-10-15 00:00:00
SOL15325 - OpenSSL vulnerability CVE-2014-0224
2014-06-05 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2017-02-07 02:08:35
Man-in-the-Middle (MitM)
2019-01-15 08:52:44
prion
prion
Design/Logic Flaw
2014-06-05 21:55:00
debiancve
debiancve
CVE-2014-0224
2014-06-05 21:55:00
mariadbunix
mariadbunix
CVE-2014-0224
2014-06-05 21:55:07
metasploit
metasploit
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
2014-06-09 22:38:11
SSL Labs API Client
2015-03-27 11:34:11
hp
hp
hackerone
hackerone
Whisper: CVE-2014-0224 openssl ccs vulnerability
2015-03-11 04:42:02
kaspersky
kaspersky
KLA10266 OSI vulnerability in MySQL Workbench
2014-06-27 00:00:00
KLA10382 Multiple vulnerabilities in VMware
2014-06-10 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-0224
2014-06-05 00:00:00
cve
cve
CVE-2014-0224
2014-06-05 21:55:00
paloalto
paloalto
OpenSSL Man-in-the-middle vulnerability
2014-06-09 07:00:00
ubuntucve
ubuntucve
CVE-2014-0224
2014-06-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1h-alt1
2014-06-05 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1h-alt1
2014-06-05 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1h-alt1
2014-06-05 00:00:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
MassBleed - Mass SSL Vulnerability Scanner
2015-12-09 20:20:00
suse
suse
Security update for OpenSSL (critical)
2014-06-07 00:04:15
Security update for OpenSSL (critical)
2014-06-06 00:04:19
Security update for OpenSSL (critical)
2014-06-07 01:04:17
debian
debian
openssl security update
2014-06-20 16:35:33
openssl security update
2014-06-20 16:35:50
[SECURITY] [DSA 2950-2] openssl update
2014-06-16 18:21:12
chrome
chrome
Stable Channel Update for Chrome OS
2014-06-10 00:00:00
seebug
seebug
OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)
2016-12-20 00:00:00
osv
osv
openssl - security update
2014-06-20 00:00:00
nmap
nmap
ssl-ccs-injection NSE Script
2014-06-11 13:43:28
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-06-10 00:00:00
mageia
mageia
Updated openssl packages fix multiple vulnerabilties
2014-06-06 14:31:01
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-06-05 00:00:00
OpenSSL regression
2014-06-12 00:00:00
Related for HP_LASERJET_HPSBPI03107.NASL