Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03589 rev. 5 - HP Ink Printers Remote Code Execution

Related Vulnerabilities: CVE-2018-5924   CVE-2018-5925  

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

Source
Potential Security Impact:
Reported by: TBA

VULNERABILITY SUMMARY

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.
Reference Number
CVE-2018-5924, CVE-2018-5925, PSR-2018-0072
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
See RESOLUTION section.
BACKGROUND
For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com
CVSS 3.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2018-5924
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical)
CVE-2018-5925
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical)
RESOLUTION
HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.
For guidance on how to update your product firmware, go to the Upgrading Printer Firmware page and follow the instructions provided.
PageWide Pro
Product Name
Product Number
Firmware Revision
HP PageWide 352dw
J6U57B
001.1829A
HP PageWide Managed MFP P57750dw
J9V82A
J9V82B
J9V82C
J9V82D
001.1829A
HP PageWide Managed MFP P77740dn
Y3Z57
005.1828A
HP PageWide Managed MFP P77740dw
W1B33
005.1828A
HP PageWide Managed MFP P77740z
W1B39
005.1828A
HP PageWide Managed MFP P77750z
W1B37
005.1828A
HP PageWide Managed MFP P77760z
W1B38
005.1828A
HP PageWide Managed P55250dw
J6U55A
J6U55B
J6U55C
J6U55D
001.1829A
HP PageWide Managed P75050dn
Y3Z45
005.1828A
HP PageWide Managed P75050dw
Y3Z47
005.1828A
HP PageWide MFP 377dw
J9V80A
J9V80B
001.1829A
HP PageWide Pro 452dn
D3Q15A
D3Q15B
D3Q15D
001.1829A
HP PageWide Pro 552dw
D3Q17A
D3Q17C
D3Q17D
001.1829A
HP PageWide Pro 750dn
Y3Z46
005.1828A
HP PageWide Pro 750dw
Y3Z44
005.1828A
HP PageWide Pro MFP 477dn
D3Q19A
D3Q19D
001.1829A
HP PageWide Pro MFP 477dw
D3Q20A
D3Q20B
D3Q20C
D3Q20D
001.1829A
HP PageWide Pro MFP 577dw
D3Q21A
D3Q21C
D3Q21D
001.1829A
HP PageWide Pro MFP 577z
K9Z76A
K9Z76D
001.1829A
HP PageWide Pro MFP 772dn
W1B31
005.1828A
HP PageWide Pro MFP 772dw
Y3Z54
005.1828A
HP PageWide Pro 452dw
D3Q16A
D3Q16B
D3Q16C
D3Q16D
001.1829A
HP Officejet Pro X451dn Printer
CN459A
1829B
HP Officejet Pro X451dw Printer
CN463A
1829B
HP Officejet Pro X476dn MFP
CN460A
1829B
HP Officejet Pro X476dw MFP
CN461A
1829B
HP Officejet Pro X551dw Printer
CV037A
1829B
HP Officejet Pro X576dw MFP
CN598A
1829B
HP DesignJet
Product Name
Product Number
Firmware Revision
HP DesignJet rugged case
N9M07A
1829A
HP Designjet T120 24-in ePrinter
CQ891A
1829B
HP Designjet T120 24-in Printer
CQ891B
1829B
HP Designjet T120 24-in Printer (2018 edition)
CQ891C
1829B
HP Designjet T120 24-in Rmkt ePrinter
CQ891AR
1829B
HP Designjet T520 24-in ePrinter
CQ890A
1829B
HP Designjet T520 24-in Printer
CQ890B
1829B
HP Designjet T520 24-in Printer (2018 edition)
CQ890C
1829B
HP Designjet T520 24-in Printer (2018 edition)
CQ890D
1829B
HP Designjet T520 24-in Printer (2018 edition, legless)
CQ890E
1829B
HP Designjet T520 24-in Rmkt ePrinter
CQ890AR
1829B
HP Designjet T520 36-in ePrinter
CQ893A
1829B
HP Designjet T520 36-in Printer
CQ893B
1829B
HP Designjet T520 36-in Printer (2018 edition)
CQ893C
1829B
HP Designjet T520 36-in Printer (2018 edition, legless)
CQ893E
1829B
HP Designjet T520 36-in Rmkt ePrinter
CQ893AR
1829B
HP DesignJet T730 36in Printer
F9A29A
1829A
HP DesignJet T730 36in Printer
F9A29B
1829A
HP Designjet T730 with Rugged Case
T5D66A
1829A
HP DesignJet T830 24in eMFP Printer
F9A28A
1829A
HP DesignJet T830 24-in MFP Printer
F9A28B
1829A
HP DesignJet T830 MFP with Armor Case
1JL02B
1829A
HP DesignJet T830 MFP with Armour Case
1JL02A
1829A
HP DesignJet T830 MFP with Rugged Case
T5D67A
1829A
HP Officejet, HP Deskjet and HP Envy
Product Name
Product Number
Firmware Revision
HP AMP 100 Printer series
T8X39 - T8X44
1SH08
3AW44A - 3AW51A
1828A
HP Deskjet 2540 All-in-One series
A9U19A - A9U28B
D3A78B - D3A82A
1828B
HP DeskJet 2600 All-in-One Printer series
4UJ28B
V1N01A - V1N08A
Y5H60A - Y5H80A
1828A
HP Deskjet 2620 Ink Advantage series
D4H22A - D4H24B
1826A
HP Deskjet 3540 series
A9T81A
A9T81C
A9T83B
1828A
HP DeskJet 3630 series
F5S43A - F5S57A
K4T93A - K4T99B
K4U00B - K4U04B
1829A
HP DeskJet 3700 All-in-One Printer series
J9V86A - J9V96A
T8W51A - T8W73A
1828A
HP Deskjet 4510 series
A9J41 - A9J43
1828B
HP DeskJet 4530 series
F0V64 - F0V66
J6U63
W3U23 - W3U24
1827B
HP DeskJet 4720 series
F5S65A - F5S66A
L8L91A
1829A
HP DeskJet 5000 series
M2U86 - M2U90
1828A
HP DeskJet 5275 All-in-One Printer
M2U76 - M2U80
1828A
HP DeskJet 5640 series
B9S57C
1831A
HP DeskJet 5730 series
F5S60A - F5S61A
T0A23A - T0A25A
1829A
HP DeskJet GT 5820 All-in-One Printer series
M2Q28A
P0R21A
X3B09A
2ND31A
1829A
HP Deskjet Ink Advantage 2540 All-in-One
A9U23 - A9U28
1828B
HP DeskJet Ink Advantage 2600 All-in-One Printer
V1N02A - V1N02C
Y5Z00A - Y5Z07B
1828A
HP DeskJet Ink Advantage 3630 All-in-One Printer
F5S43 - F5S57
K9U05B
1829A
HP DeskJet Ink Advantage 3700 All-in-One Printer series
1DT61A - 1DT62A
3YZ74A - 3YZ75A
4SC29A - 4SC30A
J9V87A - J9V89B
T8W35A - T8W50C
1828A
HP Deskjet Ink Advantage 3830 e-All-in-One Printer
F5R96A - F5R98B
K7V42C - K7V43C
1830A
HP Deskjet Ink Advantage 4615 All-in-One Printer
CZ283A - CZ283C
1829A
HP Deskjet Ink Advantage 4625 e-All-in-One
CZ284A - CZ284C
1829A
HP Deskjet Ink Advantage 4640 e-All-in-One Printer series
B4L08A - B4L10A
1830A
HP DeskJet Ink Advantage 4670 All-in-One Printer
F1H97 - F1H199
1830A
HP Deskjet Ink Advantage 5525 e-All-in-One
CZ282A - CZ282C
1828B
HP DeskJet Ink Advantage 5570 All-in-One printer
G0V48B
G0V48C
1831A
HP Deskjet Ink Advantage 6525 e-All-in-One
CZ276A - CZ76C
1828B
HP Envy 120 Series
CQ176 - CQ190
1827A
HP ENVY 4500 series
A9T80A
A9T80B
A9T89A
D3P93A
1828A
HP ENVY 4510 All-in-One Printer
K9H48 - K9H57
1827B
HP ENVY 4520 series
F0V63
F0V67 - F0V74
K9T01 - K9T10
J6U59 - J6U62
J6U69 - J6U70
K9H57
W3U25 - W3U27
1827B
HP ENVY 5000 series
M2U85
M2U91-M2U94
Z4A54 - Z4A78
1828A
HP ENVY 5530 series
A9J40A - A9J48B
D4J85B - D4J86B
1828B
HP ENVY 5540 All-in-One Printer
G0V47
G0450 - G0V56
K7C84 - K7C93
K7G86 - K7G90
1831A
HP ENVY 5640 series
B9S56A
B9S58A - B9S65A
F8B05A
F8B13A
1830B
HP ENVY 5660 series
F8B04A
F8B06A - F8B08A
F8B12A
1830B
HP ENVY 7640 series
E4W43-E4W48
1830A
HP ENVY Photo 7800 All-in-One Printer series
K7R96A
K7S00 - K7S10
Y0G42 - Y0G52
1829A
HP ENVY Photo 6200 All-in-One Printer series
K7G18A-K7G29A
1829D
HP ENVY Photo 7100 All-in-One Printer series
K7G93A-K7G99
1829D
HP Ink Tank 310
Z6Z11A
1737J
1805J
HP Ink Tank Wireless 410
Z4B53A - Z4B55A
Z6Z95A
Z6Z97A
1737J
1805J
HP OfficeJet 200 Mobile series
CZ993A
L9B95A
1827A
HP OfficeJet 202 Mobile series
N4L14C
N4K99C
1827A
HP OfficeJet 250 Mobile All-in-One Printer series
CZ992A
L9D57A
N4L17A
1828A
HP OfficeJet 252 Mobile All-in-One
N4L18C
1828A
HP Officejet 2620 series
D4H21A - D4H21B
D4H25A - D4H29B
1826A
HP Officejet 3830 e-All-in-One Printer
F5R95
F5S00 - F5S04
K7V35 - K7V49
1830A
HP Officejet 4610 e-All-in-One Printer
CR771A
1829A
HP Officejet 4620 e-All-in-One Printer
CZ152A - CZ152C
1829A
HP Officejet 4622 e-All-in-One Printer
CZ294A - CZ296B
1829A
HP Officejet 4630 e-All-in-One Printer series
B4L03 - B4L07A
D4J74 - D4J78
1830A
HP OfficeJet 4650 All-in-One Printer
F1H96
F1J00 - F1J07
F9D36 - F9D38
K9V76 - K9V85
V6D27- V6D32
1830A
HP OfficeJet 5200 All-in-One Printer
M2U75
M2U81-M2U84
Z4B12 - Z4B36
1828A
HP Officejet 5740 series
B9S76-B9S85
F8B09-F8B11
T1P36-T1P38
1830A
HP Officejet 6220 / HP Officejet Pro 6230 ePrinter
E3E03A
C9S13A
1827A
HP OfficeJet 6600 e-All-in-One
CN581A
1827D
HP OfficeJet 6700 Premium e-All-in-One
CN583A
1827D
HP Officejet 6810/6820 e-All-in-One Printer
F0M65A
G1W52A
1828A
HP OfficeJet 6950 All-in-One
P4C78A - P4C87A
T3P03A
T3P04A
1828A
HP OfficeJet 6960 All-in-One
HP OfficeJet Pro 6960 All-in-One
J7K33A - J7K39A
T0F28A - T0F38A
T0G25A - T0G26A
1828A
HP Officejet 7110 Wide Format ePrinter
CR768A
1827A
HP Officejet 7510 Wide Format All-in-One Printer
G3J47A
1829A
HP Officejet 7610 series Wide Format e-All-in-One Printer
CR769A
1828B
HP Officejet 7612 Wide Format e-All-in-One
G1X85A
1829A
HP Officejet Pro 251dw Printer
CV136A
1828A
HP Officejet Pro 276dw Multifunction Printer
CR7770A
1829A
HP Officejet Pro 3610 Black and White Printer
CZ292A
1828A
HP Officejet Pro 3620 Black and White Printer
CZ293A
1828A
HP Officejet Pro 6830 e-All-in-One Printer
E3E02A
J2D37A
1828A
HP OfficeJet Pro 6970 All-in-One Printer
J7K34A - J7K42A
T0F29A - T0F40A
1828A
HP OfficeJet Pro 7720 Wide Format All-in-One
Y0S18A
1830A
HP OfficeJet Pro 7730 Wide Format All-in-One
Y0S19A
1830A
HP OfficeJet Pro 7740 Wide Format All-in-One
G5J38A
T1P99
T1Q00 - T1Q02
1828A
HP OfficeJet Pro 8210 Printer
HP OfficeJet Pro 8216
D9L63A
D9L64A
T0G70A
J3P68A
1827B
HP OfficeJet Pro 8600 e-All-in-One
CM749A
1829A
HP OfficeJet Pro 8600 Plus e-All-in-One
CM750A
1829A
HP OfficeJet Pro 8600 Premium e-All-in-One
CN577A
1829A
HP Officejet Pro 8610 e-All-in-One Printer
A7F64A
D7Z36A
E1D34A
J5T77A
T0K98A
1828A
HP Officejet Pro 8620 e-All-in-One Printer
A7F65A
D7Z37A
1828A
HP Officejet Pro 8630 e-All-in-One Printer
A7F66A
1828A
HP Officejet Pro 8640 e-All-in-One Printer
E2D42A
1828B
HP Officejet Pro 8660 e-All-in-One Printer
E1D36A
1828A
HP OfficeJet Pro 8710 All-in-One Printer
D9L18A
J6X76A - J6X78A
J6X80A - J6X81A
K7S37A - K7S38A
M9L65A - M9L66A
M9L70A
M9L81A
T0G45A - T0G49A
1828A
HP OfficeJet Pro 8720 All-in-One Printer
D9L19A
J7A28A
J7A31A
K7S34A - K7S36A
M9L73A - M9L75A
M9L80A
T0G50A - T0G51A
T0G54A
T6T77A
1828A
HP OfficeJet Pro 8730
D9L20A
1827B
HP OfficeJet Pro 8732M All-in-One Printer
T0G56A - T0G59A
1827A
HP OfficeJet Pro 8740
K7S42A
1827B
HP Photosmart 5510 series
CQ176A-CQ184A
1832A
HP Photosmart 5510 series (Asian Keyboard)
CQ176A-CQ184A
1829A
HP Photosmart 5510d series
CQ183A-CQ183C
1829B
HP Photosmart 5520 series e-All-in-One
HP Photosmart 5521 e-All-in-One
HP Photosmart 5522 e-All-in-One
HP Photosmart 5524 e-All-in-One
HP Photosmart 5525 e-All-in-One
CX042 - CX049
1828B
HP Photosmart 6510 series
CQ761A-CQ764C
1829B
HP Photosmart 6520 e-All-in-One
CX017A - CX021C
1828B
HP Photosmart 7520 series
CZ025A
CZ045A - CZ046A
1830A
HP Photosmart Plus All-in-One B210 series
CN216A - CN223A
1829A
HP Smart Tank Wireless 450
Z4B07A
Z4B56A
1737J
1805J
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit https://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://www.hp.com/go/alerts.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI
HP Printing and Imaging
HF
HP Hardware and Firmware
GN
HP General Software
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: hp-security-alert@hp.com
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY : 1 August 2018: Initial Release. 2 August 2018: Updated product table. 10 August 2018: Updated product table. 13 August 2018: Updated product table. 18 October 2018: Updated product table.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started