HPSBHF03647 rev. 2 - HP Open-Chassis Pre-boot Direct Memory Access (DMA) Vulnerability

Potential Security Impact Arbitrary Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT. Reported by: Mickey Shkatov from Eclypsium, and Zoltan Harmath from Microsoft. VULNERABILITY SUMMARY A potential security vulnerability with pre-boot...

HPSBPI03648 rev. 1 - HP Enterprise Printers - Potential Redirection Page Cross-Site Scripting After Clicking Third-Party Malicious Link

Potential Security Impact Cross-Site Scripting VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. RESOLUTION HP has...

HPSBHF03649 rev. 3 - Intel Rapid Storage Technology (RST) December 2019 Security Updates

Potential Security Impact Escalation of privilege. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified in the Intel Rapid Storage Technology RST which may allow escalation of privilege. RESOLUTION Intel...

HPSBPI03646 rev.1 - Certain HP Enterprise MFP products: Elevation of Privilege

Potential Security Impact Elevation of privilege VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP multifunction printers MFP which may lead to elevation of privilege. RESOLUTION HP has provided firmware updates for potentially impacted printers for the...

HPSBGN03632 rev. 1 - HP SoftPaq Installer Vulnerability

Potential Security Impact Execution of Arbitrary Code, Escalation of Privilege. Source: HP, HP Product Security Response Team PSRT Reported by: Pierre-Alexandre Braeken; Eran Shimony VULNERABILITY SUMMARY A potential security vulnerability has been identified with a version of the HP Softpaq...

HPSBHF03645 rev. 3 - NVIDIA GPU Display Driver Vulnerabilities 2019

Potential Security Impact Denial of service, escalation of privilege, unauthorized code execution, or information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY HP has been notified of potential security vulnerabilities with the GPU Displa...

HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability

Potential Security Impact Disclosure and Modification of Information Source: HP, HP Product Security Response Team PSRT Reported by: N/A VULNERABILITY SUMMARY Certain HP printers are vulnerable to the Key Negotiation of Bluetooth KNOB attack. Data over Bluetooth can be intercepted, decrypted, and...

HPSBPI03643 rev. 1 - Certain HP Enterprise Printers and MFP products - Potential instability of solution

Potential Security Impact Potential instability of solution VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability...

HPSBGN03644 rev. 1 - HP Device Manager VNC Session Remote Unauthorized Access

Potential Security Impact Remote Unauthorized Access Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified an issue affecting VNC session security within HP Device Manager that could potentially be leveraged to create unauthorized connections. RESOLUTION HP is...

HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation

Potential Security Impact Information Disclosure, Privilege Escalation, and Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT Reported by: Eldar Marcussen - xen1thLabs - Software Labs PSR-2019-0173, CVE-2019-16285, CVE-2019-16286, CVE-2019-16287, CVE-2019-18909,...

HPSBHF03641 rev. 1 - Intel® Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory

Potential Security Impact Escalation of Privilege, Denial of Service Source : HP, HP Product Security Response Team PSRT Reported by : Intel VULNERABILITY SUMMARY HP has been notified of a potential security vulnerability with Intel Accelerated Storage Manager in Intel Rapid Storage Technology...

HPSBHF03639 rev. 4 - Intel WIFI Drivers and Intel PROSet/Wireless WiFi Software Security Advisory

Potential Security Impact Escalation of privilege, denial of service, or information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with Intel WIFI Drivers and Intel...

HPSBHF03638 rev. 4 - Intel 2019.2 IPU BIOS Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing updates for BIOS, Voltage...

HPSBHF03637 rev. 3 - Intel 2019.2 IPU CSME SPS TXE AMT Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, or Information Disclosure Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing updates for Intel®...

HPSBHF03635 rev. 3 - Intel 2019.2 IPU Ethernet 700 Series Controllers Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, or Information Disclosure Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with Intel® Ethernet 700 Series...

HPSBHF03636 rev. 4 - Intel 2019.2 IPU Graphics Driver Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, or Information Disclosure Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing Intel® Graphics...

HPSBHF03633 rev.1 - Intel Rapid Storage Technology (RSTe) Driver Installer Vulnerability

Potential Security Impact Escalation of privilege VULNERABILITY SUMMARY HP has been notified of a security vulnerability with the driver pack installers for IntelR RSTe package versions before version 4.7.0.2083 that may allow an authenticated user to escalate privilege via local access. RESOLUTI...

HPSBGN03625 rev.1 - HP Touchpoint Analytics Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT Reported by: Peleg Hadar SafeBreach Labs VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version...

HPSBPI03622 rev. 1 - HP Access Control - Potential Security Vulnerability

Potential Security Impact Elevation of privilege Source: HP VULNERABILITY SUMMARY A potential security vulnerability has been identified in the software solution HP Access Control. This vulnerability could potentially grant elevation of privilege. RESOLUTION HP has provided the software updates f...

HPSBPI03628 rev .1 - Samsung Laser Printers, Denial of Service

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: XiaoyuHe VULNERABILITY SUMMARY A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of...

HPSBPI03630 rev. 2 - HP Inkjet Printers - Buffer Overflow and Local Disclosure of Information

Potential Security Impact Buffer Overflow, Disclosure of Information Source: HP, HP Product Security Response Team PSRT Reported By: XiaoyuHe@VARAS VULNERABILITY SUMMARY A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer...

HPSBHF03631 rev. 6 - BIOS Privilege Elevation Vulnerability

Potential Security Impact Elevation of privilege Source: HP, HP Product Security Response Team PSRT Reported by: yngwei @yngweijw of IIE VARAS, MengHao, Li of IIE VARAS and driedfish @d3af1sh of IIE VULNERABILITY SUMMARY A potential security vulnerability has been identified which involves possib...

HPSBPI06327 rev. 1 - Execution of Arbitrary Code for HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers

Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION Perform the following steps to help mitigate the vulnerability. 1. Update firmware for impacted printers as indicated in...

HPSBHF03626 rev. 1 - Intel Turbo Boost Max Technology 3.0 Advisory

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY HP has been notified of a potential security vulnerability with the Intel Turbo Boost Max Technology 3.0 Driver, which may allow escalation of privilege...

HPSBPI03624 rev.1 - HP InkJet Printers - Cross-site Scripting (XSS)

Potential Security Impact Cross-site scripting XSS Source: HP, HP Product Security Response Team PSRT Reported by: Barış Sağdıç BS Cyber Security Inc. VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited...

HPSBGN03623 rev. 1 - Exposure of Application Configuration Details - Samsung Mobile Print (Android)

Potential Security Impact Application's configuration details exposed Source: HP, HP Product Security Response Team PSRT Reported by: Akshay Jain Appknox VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information. HP has no...

HPSBHF03621 rev. 2 - Intel USB 3.0 eXtensible Host Controller Windows 7 Driver Vulnerability

Potential Security Impact Escalation of privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability in the Intel USB 3.0 eXtensible Host Controller Driver may allow escalation of privilege. Intel has released software...

HPSBGN03620 rev. 4 - HP Support Assistant Escalation of Privilege Vulnerability

Potential Security Impact Elevation of privilege and unauthorized modification of directories or files. Source: HP, HP Product Security Response Team PSRT Reported by: Philippe Laulheret McAfee Advanced Threat Research, ManhNDd Bkav Corporation VULNERABILITY SUMMARY The vulnerability allows a use...

HPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities

Potential Security Impact XSS, CSRF, Potential Buffer Overflow Reported by: Mario Rivas and Daniel Romero, NCC Group VULNERABILITY SUMMARY HP has identified potential security vulnerabilities with certain HP printers. The vulnerabilities could be exploited to perform Cross-site scripting XSS,...

HPSBHF03617 rev. 4 - Intel UEFI System Firmware Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities in Intel firmware that might allow for escalation of privilege or denial of service...

HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates

Potential Security Impact Information Disclosure Source : HP, HP Product Security Response Team PSRT Reported By : Intel VULNERABILITY SUMMARY Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL,...

HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with Intel® CSME, Trusted Execution Engine and...

HPSBHF03615 rev. 2 - Intel Graphics Drivers Security Updates

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities in Intel® Graphics Driver for Windows may allow users to cause denial of service. RESOLUTION HP has identified the...

HPSBHF03614 rev. 1 - Processor Registers Left Unlocked When TPM is Disabled

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity Source: HP, HP Product Security Response Team PSRT Reported By: HP Inc. VULNERABILITY SUMMARY HP has identified a security vulnerability with some versions of...

HPSBPI03613 rev. 1 - HP DeskJet 3630 Printers - Cross Site Request Forgery

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Tim Coen VULNERABILITY SUMMARY Certain HP DeskJet 3630 All-in-One Printers have a Cross Site Request Forgery CSRF vulnerability that could lead to a denial of service DOS or device...

HPSBHF03612 rev. 2 - Synaptics Audio Driver Package Allowing System Level Access to the Registry

Potential Security Impact Escalation of privilege Source: Synaptics, HP Product Security Response Team PSRT Reported By: Synaptics VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Synaptics previously Conexant Sound Device Driver CxUtilSVc.exe component...

HPSBHF03611 rev. 2 - NVIDIA GPU Display Driver Vulnerabilities

Potential Security Impact Denial of service, Escalation of privilege, Unauthorized code execution, or Information disclosure Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY HP has been notified of potential security vulnerabilities with the GPU Display...

HPSBPI03610 rev. 1 - HP LaserJet Enterprise Printers, HP PageWide Enterprise Printers, HP LaserJet Managed Printers, HP OfficeJet Enterprise Printers, Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY Insufficient solution bundle signature validation potentially allows execution of arbitrary code. RESOLUTION Perform the following two steps to mitigate the vulnerability. Step 1: Update the printer firmware Update firmwa...

HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume

Potential Security Impact Information Disclosure, Denial of Service, Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Seunghun Han, National Security Research Institute VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the...

HPSBHF03608 rev. 3 - Intel Graphics Drivers Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, and Information Disclosure VULNERABILITY SUMMARY Potential security vulnerabilities in Intel® Graphics Driver for Windows have been identified which could allow users to potentially escalate privileges, disclose information or...

HPSBHF03606 rev. 2 - Intel Platform System BIOS Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Intel Platform Firmware that could allow privileged...

HPSBHF03607 rev. 3 - Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Intel® CSME, Server Platform Services, Trusted...

HPSBGN03605 rev.1 - HP Support Assistant DLL Loading Vulnerability

Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT Reported By: Marius Gabriel Mihai VULNERABILITY SUMMARY The vulnerability allows an unauthorized person to load arbitrary code. RESOLUTION Version 8.7.50.3 was released on December 11, 2018...

HPSBHF03604 rev. 2 - Intel Xeon® Platform Firmware Included Unsecure Handling of Certain UEFI Variables

Potential Security Impact Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5...

HPSBHF03603 rev. 3 - Escalation of Privilege via Intel PROSet/Wireless Wi-Fi Software

Potential Security Impact Escalation of privilege Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A potential security vulnerability in Intel® PROSet/Wireless Wi-Fi Software might allow escalation of privilege. Intel has released a software updat...

HPSBHF03602 rev. 4 - Synaptics Touchpad Driver for Windows Can Leak Freed Kernel Memory Pointers

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Synaptics VULNERABILITY SUMMARY The Synaptics TouchPad driver can reveal freed kernel memory pointers through the driver API. This could be used by an unauthorized third party to weake...

HPSBHF03601 rev. 4 - Arbitrary Code Execution via Intel Smart Sound Technologies Driver

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY HP has been informed of potential security vulnerabilities in the Intel Smart Sound Technologies driver module prior to version 9.21.00.354. These...

HPSBGN03599 rev. 2 - Certificate Authentication Vulnerability in HP Remote Graphics Software

Potential Security Impact Information disclosure Source : HP, HP Product Security Response Team PSRT Reported by : Rowan Venables VULNERABILITY SUMMARY A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process. RESOLUTION HP has mitigated th...

HPSBHF03600 rev. 2 - Insecure Handling of BIOS and AMT Passwords

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Intel platform code firmware included in certain Intel vPro Processor families with AMT...

HPSBHF03598 rev. 6 - EDK II Untested Memory Not Covered by SMM Page Protections

Potential Security Impact Escalation of Privilege, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: TianoCore Bugzilla VULNERABILITY SUMMARY Incorrect handling of memory types in TianoCore firmware potentially allows an attacker with local access to bypass...