617 matches found
HPSBHF03604 rev. 2 - Intel Xeon® Platform Firmware Included Unsecure Handling of Certain UEFI Variables
Potential Security Impact Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5...
HPSBHF03603 rev. 3 - Escalation of Privilege via Intel PROSet/Wireless Wi-Fi Software
Potential Security Impact Escalation of privilege Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A potential security vulnerability in Intel® PROSet/Wireless Wi-Fi Software might allow escalation of privilege. Intel has released a software updat...
HPSBHF03602 rev. 4 - Synaptics Touchpad Driver for Windows Can Leak Freed Kernel Memory Pointers
Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Synaptics VULNERABILITY SUMMARY The Synaptics TouchPad driver can reveal freed kernel memory pointers through the driver API. This could be used by an unauthorized third party to weake...
HPSBHF03601 rev. 4 - Arbitrary Code Execution via Intel Smart Sound Technologies Driver
Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY HP has been informed of potential security vulnerabilities in the Intel Smart Sound Technologies driver module prior to version 9.21.00.354. These...
HPSBGN03599 rev. 2 - Certificate Authentication Vulnerability in HP Remote Graphics Software
Potential Security Impact Information disclosure Source : HP, HP Product Security Response Team PSRT Reported by : Rowan Venables VULNERABILITY SUMMARY A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process. RESOLUTION HP has mitigated th...
HPSBHF03600 rev. 2 - Insecure Handling of BIOS and AMT Passwords
Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Intel platform code firmware included in certain Intel vPro Processor families with AMT...
HPSBHF03598 rev. 6 - EDK II Untested Memory Not Covered by SMM Page Protections
Potential Security Impact Escalation of Privilege, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: TianoCore Bugzilla VULNERABILITY SUMMARY Incorrect handling of memory types in TianoCore firmware potentially allows an attacker with local access to bypass...
HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability
Potential Security Impact Information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Tampere University of Technology, Finland and Technical University, Cuba VULNERABILITY SUMMARY An industry-wide vulnerability has been reported which impacts CPUs that use Simultaneou...
HPSBPI03596 rev. 2 - HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, Execution of Arbitrary Code
Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION HP has provided firmware updates for impacted printers as indicated i...
HPSBHF03595 rev. 6 - LoJax UEFI Rootkit
Potential Security Impact Elevation of Privilege, Information Disclosure, Loss of Confidentiality, Loss of Integrity. Source: HP, HP Product Security Response Team PSRT Reported by: ESET Research VULNERABILITY SUMMARY HP has identified a potential security vulnerability with a UEFI rootkit LoJax...
HPSBHF03594 rev. 4 - Intel Graphics Unified Shader Compiler
Potential Security Impact Elevation of Privilege / Denial of Service Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple potential vulnerabilities in the User Mode driver components of the Intel Graphics Driver Unified Shader Compiler might...
HPSBHF03593 rev. 2 - Firmware Trusted Platform Module (fTPM) for Select AMD Client Systems
Potential Security Impact Unauthorized access, elevation of privilege. Source: HP, HP Product Security Response Team PSRT Reported By: CTS-Labs VULNERABILITY SUMMARY A security vulnerability has been identified in specific versions of the AMD firmware-based Trusted Platform Module fTPM. The fTPM ...
HPSBHF03592 rev. 3 - Intel Converged Security and Management Engine (CSME) and Power Management Controller (PMC) Security Updates
Potential Security Impact Elevation of privilege, information disclosure, denial of service Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities with Intel CSME firmware and PMC firmware have been identified that could potentially place impacted platforms at...
HPSBHF03591 rev. 1 - Intel Wireless Driver DLL Injection Vulnerability
Potential Security Impact Escalation of privilege Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY HP has been notified of a security vulnerability in the installation executables Autorun.exe and Setup.exe for Intel's wireless drivers and related...
HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)
Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A new speculative execution side channel variant has been discovered called L1 Terminal Fault L1TF. There are no repor...
HPSBHF03589 rev. 5 - HP Ink Printers Remote Code Execution
Potential Security Impact Reported by: TBA VULNERABILITY SUMMARY Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. RESOLUTIO...
HPSBHF03588 rev. 1 - Intel Q1 2018 Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update and Intel® Management Engine 11.x Issue
Potential Security Impact Elevation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel has identified security vulnerabilities that could potentially place affected platforms at risk. The issues affect Intel® Active Management Technology...
HPSBHF03587 rev. 1 - Information Disclosure Vulnerability in Storage Media in Systems with Intel® Optane™ Memory Module with Whole Disk Encryption
Potential Security Impact Some platforms configured with Whole Disk Encryption and an Intel® Optane™ memory module, may be at risk of data remaining unencrypted and potentially accessible under specific conditions. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILIT...
HPSBHF03586 rev. 1 - DCI Policy Update
Potential Security Impact Information disclosure and escalation of privilege via limited physical presence. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel platforms, starting with Skylake, support a USB 3-based debugging interface a.k.a. Direct...
HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This...
ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This vulnerability could potentially be exploited remotely to allow remote disclosure of...
HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability
Potential Security Impact Elevation of Privilege, Information Disclosure, Denial of Service. Source: HP, HP Product Security Response Team PSRT, Intel. Reported by: Intel. VULNERABILITY SUMMARY HP has been notified of a security vulnerability in the Bluetooth pairing process potentially allowing ...
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT Reported By: CVE-2018-3639: Google Project Zero GPZ Microsoft Security Response Center MSRC CVE-2018-3640: Researchers from SYSGO AG and BiZone LLC VULNERABILITY...
HPSBGN03565 rev.1 - Unsecure (http) Transactions in Isaac Mizrahi Smartwatch Mobile App
Potential Security Impact Potential theft of credentials and UI hijack Source: HP, HP Product Security Response Team PSRT Reported by: Jerry Decime VULNERABILITY SUMMARY A potential security vulnerability caused by the use of unsecure http transactions during login has been identified with early...
HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security
Potential Security Impact Information Disclosure Source: University of Leuven Reported by: Intel VULNERABILITY SUMMARY Enhancement to address CVE-2017-13080 and CVE-2017-13081, which is the KRACK vulnerability that affects the security of WPA2 wireless LAN encryption. RESOLUTION A Microsoft...
HPSBHF03581 rev. 4 - AMD Secure Processor and Promontory Chipset Exploits
Potential Security Impact Circumvention of platform security controls, unauthorized access to system memory, installation of difficult to detect malware. Source: CTS Reported By: CTS VULNERABILITY SUMMARY Vulnerability | Description | Impact ---|---|--- MASTERKEY | Attacker who already has...
HPSBPI03580 rev. 2 - Cross Site Request Forgery Vulnerability for Certain HP Enterprise and PageWide Printers
Potential Security Impact Elevation of Privilege. Reported by: Mohamed Abdelbaset Elnoby VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Enterprise and PageWide printers and MFPs. This vulnerability is known as Cross Site Request Forgery and could...
HPSBHF03578 rev. 5 - Intel Graphics Driver - Pointer Dereference / Type Confusion in HECI Service
Potential Security Impact Elevation of Privilege Source: HP, HP Security Response Team PSIRT Reported by: Intel VULNERABILITY SUMMARY CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service...
HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks
Potential Security Impact The unencrypted password was able to be accessed by CMOS tools. Source: HP, HP Product Security Response Team PSRT Reported By: Bader Zaidan VULNERABILITY SUMMARY A BIOS password extraction vulnerability has been reported on certain consumer notebooks. The BIOS password...
HPSBGN03577 rev 1 - Exposure of Application Configuration Details - Tommy Hilfiger TH24/7 Android app
Potential Security Impact Information exposure of application configuration. Reported By: Akshay Jain VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered. HP has no access to customer data as a result of...
HPSBHF03576 rev. 3 - Intel AMT MEBx Bypass
Potential Security Impact Elevation of Privilege/Information Disclosure. Reported by: F-Secure, Google VULNERABILITY SUMMARY Un-provisioned Intel® vPro™ platforms containing Intel® Active Management Technology Intel® AMT are vulnerable to unauthorized local provisioning via physical access. The...
HPSBPI03574 rev. 2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products
Potential Security Impact Remote disclosure of information. Source:Mathy Vanhoef of imec-DistriNet, KU Leuven VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerabili...
HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities
Potential Security Impact KRACK Attacks VULNERABILITY SUMMARY On October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail...
HPSBHF03572 rev. 4 - Unsafe Opcodes Exposed in SPI
Potential Security Impact Denial of Service Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with how the SPI interface is configured on certain platforms. Specific SPI OpCodes may be left accessible and vulnerable to misuse. In the...
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
Potential Security Impact Elevation of Privilege/Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Google Project Zero VULNERABILITY SUMMARY An industry-wide vulnerability, known as side channel analysis method, has been disclosed with modern CPUs using...
HPSBHF03571 rev. 6 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability
Potential Security Impact Potential denial of service or escalation of privilege. Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management...
HPSBPI03569 rev 4 - HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers, Execution of arbitrary code
Potential Security Impact Execution of arbitrary code Source: NTT Security Reported By: Stephen Breen VULNERABILITY SUMMARY Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code. RESOLUTION Available Mitigation Settings: The vulnerability can be avoided by...
HPSBHF03564 rev 2 - Synaptics Touchpad Driver Potential, Local Loss of Confidentiality
Potential Security Impact Potential, local loss of confidentiality. Source: Synaptics Reported by: Michael Myng VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would...
HPSBHF03568 rev. 11 - Infineon TPM Security Update
Potential Security Impact Potential loss of confidentiality Source: Infineon VULNERABILITY SUMMARY A security vulnerability was identified in the RSA key generation method used by TPM products listed below. This leaves the keys potentially vulnerable via targeted, computationally expensive attack...
HPSBPI03566 Rev 3 - HP DesignJet, OfficeJet, LaserJet, PageWide, Photosmart Printers, Execution of Arbitrary Code or Denial of Service
Potential Security Impact Execution of arbitrary code or Denial of Service Source: HP Product Security Response Team PSRT Reported by: Check Point Software VULNERABILITY SUMMARY Integer overflow in SOAP Simple Object Access Protocol function in Genivia gSOAP allows execution of arbitrary code or...
HPSBGN03561 rev.2 - HP Support Assistant Potential Escalation of Privilege
Potential Security Impact Escalation of privilege and unauthorized modification of directories or files. Source: HP, HP Product Security Response Team PSRT Reported by: Danny Wei of Tencent's Xuanwu Lab VULNERABILITY SUMMARY The vulnerability allows attacker to extract binaries into protected fil...
HPSBPI03562 rev 1 - HP JetAdvantage Security Manager, Cross-site scripting, Denial of Service
Potential Security Impact HP JetAdvantage Security Manager, Cross-site scripting, Denial of service Reported by: HP VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager. The vulnerabilities could potentially be exploited to allow stor...
HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers
Potential Security Impact Potential exposure of SMTP credentials when configuring HP Designjet and HP Latex printers. Reported by: Nicodemo Gawronski VULNERABILITY SUMMARY HP has identified a potential security vulnerability with some HP Designjet and HP Latex printers that may expose the...
HPSBHF03560 rev 1 - Possible Elevation of Privilege and Information Disclosure via Intel® Software Guard Extensions (Intel® SGX) Vulnerability
Potential Security Impact Elevation of privilege, information disclosure Source: Intel Reported by: Intel VULNERABILITY SUMMARY Intel has discovered a vulnerability that could impact the security of Intel® Software Guard Extensions Intel® SGX. Before exploiting this vulnerability, the malicious...
HPSBPI03556 rev 1 - HP Web Jetadmin, Denial of Service
Potential Security Impact HP Web Jetadmin, potential denial of service Reported by: Konrad Ferbes and Vojtěch Dziewięcki from F-Secure VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Web Jetadmin. This vulnerability could potentially be exploited to create a...
HPSBPI03559 rev 1 - HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS, Cross Site Scripting (XSS)
Potential Security Impact Cross Site Scripting XSS Reported by: Jerry Decime VULNERABILITY SUMMARY HP has identified a potential security vulnerability with certain HP printers. The vulnerability could be exploited to perform a cross site scripting XSS attack. RESOLUTION HP has provided firmware...
HPSBGN03558 rev.9 - Conexant HD Audio Driver Local Debug Log
Potential Security Impact Potential, local loss of confidentiality VULNERABILITY SUMMARY A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. H...
HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation
Potential Security Impact Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems. VULNERABILITY SUMMARY A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a...
HPSBPI03555 rev. 2 - HP PageWide Printers, HP OfficeJet Pro Printers, Arbitrary Code Execution
Potential Security Impact Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, possible execution of arbitrary code. VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execu...
HPSBPI03554 rev. 2 - Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, Denial of Service, possible execution of arbitrary code
Potential Security Impact Denial of Service, possible execution of arbitrary code VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service. note:...