HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability
Potential Security Impact Information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Tampere University of Technology, Finland and Technical University, Cuba VULNERABILITY SUMMARY An industry-wide vulnerability has been reported which impacts CPUs that use Simultaneou...
HPSBPI03596 rev. 2 - HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, Execution of Arbitrary Code
Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION HP has provided firmware updates for impacted printers as indicated i...
HPSBHF03595 rev. 6 - LoJax UEFI Rootkit
Potential Security Impact Elevation of Privilege, Information Disclosure, Loss of Confidentiality, Loss of Integrity. Source: HP, HP Product Security Response Team PSRT Reported by: ESET Research VULNERABILITY SUMMARY HP has identified a potential security vulnerability with a UEFI rootkit LoJax...
HPSBHF03594 rev. 4 - Intel Graphics Unified Shader Compiler
Potential Security Impact Elevation of Privilege / Denial of Service Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple potential vulnerabilities in the User Mode driver components of the Intel Graphics Driver Unified Shader Compiler might...
HPSBHF03593 rev. 2 - Firmware Trusted Platform Module (fTPM) for Select AMD Client Systems
Potential Security Impact Unauthorized access, elevation of privilege. Source: HP, HP Product Security Response Team PSRT Reported By: CTS-Labs VULNERABILITY SUMMARY A security vulnerability has been identified in specific versions of the AMD firmware-based Trusted Platform Module fTPM. The fTPM ...
HPSBHF03592 rev. 3 - Intel Converged Security and Management Engine (CSME) and Power Management Controller (PMC) Security Updates
Potential Security Impact Elevation of privilege, information disclosure, denial of service Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities with Intel CSME firmware and PMC firmware have been identified that could potentially place impacted platforms at...
HPSBHF03591 rev. 1 - Intel Wireless Driver DLL Injection Vulnerability
Potential Security Impact Escalation of privilege Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY HP has been notified of a security vulnerability in the installation executables Autorun.exe and Setup.exe for Intel's wireless drivers and related...
HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)
Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A new speculative execution side channel variant has been discovered called L1 Terminal Fault L1TF. There are no repor...
HPSBHF03589 rev. 5 - HP Ink Printers Remote Code Execution
Potential Security Impact Reported by: TBA VULNERABILITY SUMMARY Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. RESOLUTIO...
HPSBHF03588 rev. 1 - Intel Q1 2018 Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update and Intel® Management Engine 11.x Issue
Potential Security Impact Elevation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel has identified security vulnerabilities that could potentially place affected platforms at risk. The issues affect Intel® Active Management Technology...
HPSBHF03587 rev. 1 - Information Disclosure Vulnerability in Storage Media in Systems with Intel® Optane™ Memory Module with Whole Disk Encryption
Potential Security Impact Some platforms configured with Whole Disk Encryption and an Intel® Optane™ memory module, may be at risk of data remaining unencrypted and potentially accessible under specific conditions. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILIT...
HPSBHF03586 rev. 1 - DCI Policy Update
Potential Security Impact Information disclosure and escalation of privilege via limited physical presence. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel platforms, starting with Skylake, support a USB 3-based debugging interface a.k.a. Direct...
ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This vulnerability could potentially be exploited remotely to allow remote disclosure of...
HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This...
HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability
Potential Security Impact Elevation of Privilege, Information Disclosure, Denial of Service. Source: HP, HP Product Security Response Team PSRT, Intel. Reported by: Intel. VULNERABILITY SUMMARY HP has been notified of a security vulnerability in the Bluetooth pairing process potentially allowing ...
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT Reported By: CVE-2018-3639: Google Project Zero GPZ Microsoft Security Response Center MSRC CVE-2018-3640: Researchers from SYSGO AG and BiZone LLC VULNERABILITY...
HPSBGN03565 rev.1 - Unsecure (http) Transactions in Isaac Mizrahi Smartwatch Mobile App
Potential Security Impact Potential theft of credentials and UI hijack Source: HP, HP Product Security Response Team PSRT Reported by: Jerry Decime VULNERABILITY SUMMARY A potential security vulnerability caused by the use of unsecure http transactions during login has been identified with early...
HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security
Potential Security Impact Information Disclosure Source: University of Leuven Reported by: Intel VULNERABILITY SUMMARY Enhancement to address CVE-2017-13080 and CVE-2017-13081, which is the KRACK vulnerability that affects the security of WPA2 wireless LAN encryption. RESOLUTION A Microsoft...
HPSBHF03581 rev. 4 - AMD Secure Processor and Promontory Chipset Exploits
Potential Security Impact Circumvention of platform security controls, unauthorized access to system memory, installation of difficult to detect malware. Source: CTS Reported By: CTS VULNERABILITY SUMMARY Vulnerability | Description | Impact ---|---|--- MASTERKEY | Attacker who already has...
HPSBPI03580 rev. 2 - Cross Site Request Forgery Vulnerability for Certain HP Enterprise and PageWide Printers
Potential Security Impact Elevation of Privilege. Reported by: Mohamed Abdelbaset Elnoby VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Enterprise and PageWide printers and MFPs. This vulnerability is known as Cross Site Request Forgery and could...
HPSBHF03578 rev. 5 - Intel Graphics Driver - Pointer Dereference / Type Confusion in HECI Service
Potential Security Impact Elevation of Privilege Source: HP, HP Security Response Team PSIRT Reported by: Intel VULNERABILITY SUMMARY CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service...
HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks
Potential Security Impact The unencrypted password was able to be accessed by CMOS tools. Source: HP, HP Product Security Response Team PSRT Reported By: Bader Zaidan VULNERABILITY SUMMARY A BIOS password extraction vulnerability has been reported on certain consumer notebooks. The BIOS password...
HPSBGN03577 rev 1 - Exposure of Application Configuration Details - Tommy Hilfiger TH24/7 Android app
Potential Security Impact Information exposure of application configuration. Reported By: Akshay Jain VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered. HP has no access to customer data as a result of...
HPSBHF03576 rev. 3 - Intel AMT MEBx Bypass
Potential Security Impact Elevation of Privilege/Information Disclosure. Reported by: F-Secure, Google VULNERABILITY SUMMARY Un-provisioned Intel® vPro™ platforms containing Intel® Active Management Technology Intel® AMT are vulnerable to unauthorized local provisioning via physical access. The...
HPSBPI03574 rev. 2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products
Potential Security Impact Remote disclosure of information. Source: Mathy Vanhoef of imec-DistriNet, KU Leuven VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerabili...
HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities
Potential Security Impact KRACK Attacks VULNERABILITY SUMMARY On October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail...
HPSBHF03572 rev. 4 - Unsafe Opcodes Exposed in SPI
Potential Security Impact Denial of Service Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with how the SPI interface is configured on certain platforms. Specific SPI OpCodes may be left accessible and vulnerable to misuse. In the...
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
Potential Security Impact Elevation of Privilege/Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Google Project Zero VULNERABILITY SUMMARY An industry-wide vulnerability, known as side channel analysis method, has been disclosed with modern CPUs using...
HPSBHF03571 rev. 6 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability
Potential Security Impact Potential denial of service or escalation of privilege. Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management...
HPSBPI03569 rev 4 - HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers, Execution of arbitrary code
Potential Security Impact Execution of arbitrary code Source: NTT Security Reported By: Stephen Breen VULNERABILITY SUMMARY Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code. RESOLUTION Available Mitigation Settings: The vulnerability can be avoided by...
HPSBHF03564 rev 2 - Synaptics Touchpad Driver Potential, Local Loss of Confidentiality
Potential Security Impact Potential, local loss of confidentiality. Source: Synaptics Reported by: Michael Myng VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would...
HPSBHF03568 rev. 11 - Infineon TPM Security Update
Potential Security Impact Potential loss of confidentiality Source: Infineon VULNERABILITY SUMMARY A security vulnerability was identified in the RSA key generation method used by TPM products listed below. This leaves the keys potentially vulnerable via targeted, computationally expensive attack...
HPSBPI03566 Rev 3 - HP DesignJet, OfficeJet, LaserJet, PageWide, Photosmart Printers, Execution of Arbitrary Code or Denial of Service
Potential Security Impact Execution of arbitrary code or Denial of Service Source: HP Product Security Response Team PSRT Reported by: Check Point Software VULNERABILITY SUMMARY Integer overflow in SOAP Simple Object Access Protocol function in Genivia gSOAP allows execution of arbitrary code or...
HPSBGN03561 rev.2 - HP Support Assistant Potential Escalation of Privilege
Potential Security Impact Escalation of privilege and unauthorized modification of directories or files. Source: HP, HP Product Security Response Team PSRT Reported by: Danny Wei of Tencent's Xuanwu Lab VULNERABILITY SUMMARY The vulnerability allows attacker to extract binaries into protected fil...
HPSBPI03562 rev 1 - HP JetAdvantage Security Manager, Cross-site scripting, Denial of Service
Potential Security Impact HP JetAdvantage Security Manager, Cross-site scripting, Denial of service Reported by: HP VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager. The vulnerabilities could potentially be exploited to allow stor...
HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers
Potential Security Impact Potential exposure of SMTP credentials when configuring HP Designjet and HP Latex printers. Reported by: Nicodemo Gawronski VULNERABILITY SUMMARY HP has identified a potential security vulnerability with some HP Designjet and HP Latex printers that may expose the...
HPSBHF03560 rev 1 - Possible Elevation of Privilege and Information Disclosure via Intel® Software Guard Extensions (Intel® SGX) Vulnerability
Potential Security Impact Elevation of privilege, information disclosure Source: Intel Reported by: Intel VULNERABILITY SUMMARY Intel has discovered a vulnerability that could impact the security of Intel® Software Guard Extensions Intel® SGX. Before exploiting this vulnerability, the malicious...
HPSBPI03556 rev 1 - HP Web Jetadmin, Denial of Service
Potential Security Impact HP Web Jetadmin, potential denial of service Reported by: Konrad Ferbes and Vojtěch Dziewięcki from F-Secure VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Web Jetadmin. This vulnerability could potentially be exploited to create a...
HPSBPI03559 rev 1 - HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS, Cross Site Scripting (XSS)
Potential Security Impact Cross Site Scripting XSS Reported by: Jerry Decime VULNERABILITY SUMMARY HP has identified a potential security vulnerability with certain HP printers. The vulnerability could be exploited to perform a cross site scripting XSS attack. RESOLUTION HP has provided firmware...
HPSBGN03558 rev.9 - Conexant HD Audio Driver Local Debug Log
Potential Security Impact Potential, local loss of confidentiality VULNERABILITY SUMMARY A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. H...
HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation
Potential Security Impact Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems. VULNERABILITY SUMMARY A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a...
HPSBPI03555 rev. 2 - HP PageWide Printers, HP OfficeJet Pro Printers, Arbitrary Code Execution
Potential Security Impact Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, possible execution of arbitrary code. VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execu...
HPSBPI03554 rev. 2 - Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, Denial of Service, possible execution of arbitrary code
Potential Security Impact Denial of Service, possible execution of arbitrary code VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service. note:...
HPSBHF03553 rev 2 - HP ThinPro Escalation of Privilege via Command Line Shell
Potential Security Impact Local unauthorized escalation of privilege on an HP thin client device. VULNERABILITY SUMMARY A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system. The vulnerability could result in a local unauthorized...
HPSBGN3552 rev.1 HP Secure Boot UEFI Update
Potential Security Impact Secure Boot Bypass VULNERABILITY SUMMARY HP UEFI update to support Microsoft's enhanced protection of Windows secure boot policies. RESOLUTION HP has provided firmware updates to address the vulnerability for HP PCs with UEFI Firmware. To acquire the firmware updates, go...
HPSBGN3551 rev. 2 - HP Hotkey, Escalation of Privilege
Potential Security Impact Elevation of Privilege VULNERABILITY SUMMARY Hotkey Support service used an unquoted service path. An attacker who had physical access to the system may gain elevated privileges by inserting an executable file in the path of the affected service. RESOLUTION Download and...
HPSBHF3550 rev. 2 - HP ThinPro Keyboard Layout Control Panel and Virtual Keyboard Application Vulnerability
Potential Security Impact Local unauthorized access and unintentional elevation of privilege on a HP thin client device. VULNERABILITY SUMMARY A potential security vulnerability has been identified with the keyboard layout control panel and virtual keyboard application on HP ThinPro operating...
HPSBHF3549 rev.2 - ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
Potential Security Impact System downtime, or privilege escalation. Source: HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...
HPSBBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
Potential Security Impact System downtime, or privilege escalation. Source: HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...
HPSBHF3548 rev.2 - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER files
Potential Security Impact System downtime, or privilege escalation. Source: HP, HP Product Security Response Team PSRT Reported by: HP VULNERABILITY SUMMARY A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local,...