HPSBHF03568 rev. 11 - Infineon TPM Security Update

Potential Security Impact Potential loss of confidentiality Source: Infineon VULNERABILITY SUMMARY A security vulnerability was identified in the RSA key generation method used by TPM products listed below. This leaves the keys potentially vulnerable via targeted, computationally expensive attack...

HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3...

HPSBPI03687 rev. 3 - Certain HP LaserJet Printer and MFP Products and JetDirect Print Server Products - Information Disclosure

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Broadcom VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs. A Broadcom wireless vulnerability known as "Kr00k" CVE-2019-1512...

HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY The “Heartbleed” vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletin’s objective is to notify HP customers about certain HP...

HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)

Potential Security Impact Cross-site Scripting XSS Source: HP, HP Product Security Response Team PSRT Reported by: The jQuery Foundation VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs. In jQuery versions before 3.5.0, passing HTML fro...

HPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access

Potential Security Impact Remote Unauthorized access VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote...

HPSBGN3552 rev.1 HP Secure Boot UEFI Update

Potential Security Impact Secure Boot Bypass VULNERABILITY SUMMARY HP UEFI update to support Microsoft's enhanced protection of Windows secure boot policies. RESOLUTION HP has provided firmware updates to address the vulnerability for HP PCs with UEFI Firmware. To acquire the firmware updates, go...

HPSBPI03666 rev. 3 - Certain HP and Samsung-branded Print Products - Network Stack Potential Vulnerabilities

Potential Security Impact Remote Code Execution, Denial of Service, and Multiple other Potential Vulnerabilities VULNERABILITY SUMMARY Multiple potential vulnerabilities may exist in the Treck Inc. networking stack used in certain HP and Samsung-branded printers. These may include, but not be...

HPSBHF03647 rev. 2 - HP Open-Chassis Pre-boot Direct Memory Access (DMA) Vulnerability

Potential Security Impact Arbitrary Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT. Reported by: Mickey Shkatov from Eclypsium, and Zoltan Harmath from Microsoft. VULNERABILITY SUMMARY A potential security vulnerability with pre-boot...

NVIDIA GPU Display Driver May 2022 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which may allow escalation of privilege, arbitrary code execution, denial of service, and information disclosure. NVIDIA has released updates to mitigate these vulnerabilities...

Intel 2021.2 IPU - BIOS Firmware February 2022 Security Updates

Intel has informed HP of potential security vulnerabilities identified in BIOS firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has...

HP Application Enabling Software Driver - Privileged File Overwrite

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. Mitigation is available in HP Application Enablin...

HPSBGN03558 rev.9 - Conexant HD Audio Driver Local Debug Log

Potential Security Impact Potential, local loss of confidentiality VULNERABILITY SUMMARY A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. H...

HPSBHF03589 rev. 5 - HP Ink Printers Remote Code Execution

Potential Security Impact Reported by: TBA VULNERABILITY SUMMARY Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. RESOLUTIO...

HPSBPI03648 rev. 1 - HP Enterprise Printers - Potential Redirection Page Cross-Site Scripting After Clicking Third-Party Malicious Link

Potential Security Impact Cross-Site Scripting VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. RESOLUTION HP has...

HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This...

HPSBHF03564 rev 2 - Synaptics Touchpad Driver Potential, Local Loss of Confidentiality

Potential Security Impact Potential, local loss of confidentiality. Source: Synaptics Reported by: Michael Myng VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would...

HPSBPI03624 rev.1 - HP InkJet Printers - Cross-site Scripting (XSS)

Potential Security Impact Cross-site scripting XSS Source: HP, HP Product Security Response Team PSRT Reported by: Barış Sağdıç BS Cyber Security Inc. VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited...

HPSBHF03436 rev.2 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges

Potential Security Impact Elevated Privileges Source: Hewlett­Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Thin Clients running ThinPro OS. The vulnerability could be exploited exploited locally...

HP UEFI Firmware February 2022 Security Updates

Potential vulnerabilities have been identified in UEFI firmware BIOS for some PC products which may allow escalation of privilege and arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. HP has identified affected platforms and corresponding...

Intel 2022.1 IPU BIOS Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors, in BIOS firmware or BIOS authenticated code module for some Intel® Processors, and in the Intel® Software Guard Extensions SGX Platform which may allow escalation of privilege, information disclosure...

HPSBHF03621 rev. 2 - Intel USB 3.0 eXtensible Host Controller Windows 7 Driver Vulnerability

Potential Security Impact Escalation of privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability in the Intel USB 3.0 eXtensible Host Controller Driver may allow escalation of privilege. Intel has released software...

HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers

Potential Security Impact Potential exposure of SMTP credentials when configuring HP Designjet and HP Latex printers. Reported by: Nicodemo Gawronski VULNERABILITY SUMMARY HP has identified a potential security vulnerability with some HP Designjet and HP Latex printers that may expose the...

HPSBHF03649 rev. 3 - Intel Rapid Storage Technology (RST) December 2019 Security Updates

Potential Security Impact Escalation of privilege. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified in the Intel Rapid Storage Technology RST which may allow escalation of privilege. RESOLUTION Intel...

HPSBPI03566 Rev 3 - HP DesignJet, OfficeJet, LaserJet, PageWide, Photosmart Printers, Execution of Arbitrary Code or Denial of Service

Potential Security Impact Execution of arbitrary code or Denial of Service Source: HP Product Security Response Team PSRT Reported by: Check Point Software VULNERABILITY SUMMARY Integer overflow in SOAP Simple Object Access Protocol function in Genivia gSOAP allows execution of arbitrary code or...

HPSBGN3551 rev. 2- HP Hotkey, Escalation of Privilege

Potential Security Impact Elevation of Privilege VULNERABILITY SUMMARY Hotkey Support service used an unquoted service path. An attacker who had physical access to the system may gain elevated privileges by inserting an executable file in the path of the affected service RESOLUTION Download and...

HPSBHF03665 rev. 3 - Realtek Audio Driver Security Update

Potential Security Impact Escalation of Privilege, Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has been notified of a potential vulnerability with the Realtek High Definition Audio Driver for Windows, which may lead to DLL preloading and...

HPSBPI03709 rev. 1 - Certain HP and Samsung-branded Print Products - IPv6 Network Stack Vulnerability

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified a potential security vulnerability with the IPv6 network stack of certain HP and Samsung branded printers that could result in a denial of service. RESOLUTION HP ...

HPSBHF03705 rev. 6 - BIOS November 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: HP, Intel VULNERABILITY SUMMARY Intel® has informed HP of potential security vulnerabilities identified in Intel® Processors, BIOS Firmware...

HPSBGN03632 rev. 1 - HP SoftPaq Installer Vulnerability

Potential Security Impact Execution of Arbitrary Code, Escalation of Privilege. Source: HP, HP Product Security Response Team PSRT Reported by: Pierre-Alexandre Braeken; Eran Shimony VULNERABILITY SUMMARY A potential security vulnerability has been identified with a version of the HP Softpaq...

HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as "Heartbleed" CVE-2014-0160 which could be exploited remotely resulting ...

HPSBPI03574 rev. 2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products

Potential Security Impact Remote disclosure of information. Source:Mathy Vanhoef of imec-DistriNet, KU Leuven VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerabili...

NVIDIA® GPU Display Driver November 2022 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released software updates to mitigate these...

Expat Library update for Teradici PCoIP Software and Firmware

HP has provided updated versions of Teradici PCoIP Software and Firmware that remediates vulnerabilities found in libexpat prior to version 2.4.7. Products can be updated or replaced with the latest release by downloading from the Teradici website and following standard installation or update...

AMD® Graphics Driver November 2021 Security Updates

AMD has informed HP of potential security vulnerabilities identified in the AMD® Graphics Driver for Windows 10 which may allow escalation of privilege, denial of service, or information disclosure. AMD has released updates to mitigate the potential vulnerabilities. HP has identified affected...

HPSBHF03703 rev. 4 - Intel® 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities identified in Intel® Converged Security and...

HPSBHF03571 rev. 6 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability

Potential Security Impact Potential denial of service or escalation of privilege. Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management...

HP PC BIOS February 2022 Security Update

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. HP is releasing mitigation for the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential...

Multiple vulnerabilities in HP Support Assistant

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. HP strives to address all security issues with HP...

Intel 2024.1 IPU - BIOS March 2024 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...

HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

Potential Security Impact Remote code execution VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow...

HP PC BIOS February 2022 Security Updates for 11 Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, and information disclosure. HP is releasing mitigation for the potential vulnerabilities. HP has identified affected...

HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability

Potential Security Impact Elevation of Privilege, Information Disclosure, Denial of Service. Source: HP, HP Product Security Response Team PSRT, Intel. Reported by: Intel. VULNERABILITY SUMMARY HP has been notified of a security vulnerability in the Bluetooth pairing process potentially allowing ...

HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation

Potential Security Impact Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems. VULNERABILITY SUMMARY A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a...

HP PC BIOS Pre-boot DMA Protection Security Update

A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate th...

HP Device Manager Vulnerability Update (5.0.12)

Potential vulnerabilities have been identified in the HP Device Manager versions prior to HPDM 5.0.12. HP is releasing mitigation for the potential vulnerabilities as part of 5.0.12 release. All of the identified vulnerabilities listed above were addressed and fixed as part of HP Device Manager...

Intel® Processors June 2022 Security Update

Intel has informed HP of potential security vulnerabilities in Memory Mapped I/O MMIO for some Intel® Processors which may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...

HP PC UEFI Secure Boot Database Update July 2022

Potential vulnerabilities have been identified in certain UEFI applications signed by HP which may allow local arbitrary code execution. HP is providing a standalone Secure Boot Update Utility SBUU for identified HP PC products to update the secure boot database so that these vulnerable UEFI...

HPSBHF03689 rev. 2 - HP Device Manager Weak Cipher Implementation, Remote Method Invocation, and Elevation of Privilege

Potential Security Impact Susceptibility to dictionary attacks, unauthorized remote access to resources, and elevation of privilege. Source: HP, HP Product Security Response Team PSRT Reported By: Nick Bloor VULNERABILITY SUMMARY Potential vulnerabilities have been identified with certain version...

HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" CVE-2014-0160 which...