Related Vulnerabilities: CVE-2016-1503

A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service. note: This vulnerability was detected in specific versions of a 3rd party product that is embedded within some HP printers. This bulletin notifies HP customers about impacted products.

Source

Potential Security Impact:

Denial of Service, possible execution of arbitrary code

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service.

note:
This vulnerability was detected in specific versions of a 3rd party product that is embedded within some HP printers. This bulletin notifies HP customers about impacted products.

Reference Number

CVE-2016-1503

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Please refer to the RESOLUTION section for a list of impacted products.

BACKGROUND

For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com

CVSS 3.0 Base Metrics

Reference	Base Vector	Base Score
CVE-2016-1503	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8

Information on CVSS is documented in HP Customer Notice: HPSN2008002.

RESOLUTION

HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.

Product Name	Model	Firmware update version
HP PageWide Managed MFP P57750dw	J9V82A J9V82B J9V82C J9V82D	1629F (or higher)
HP PageWide Managed P55250dw	J6U55A J6U55B J6U55C J6U55D	1629F (or higher)
HP PageWide Pro MFP 577z	K9Z76A K9Z76D	1629F (or higher)
HP PageWide Pro 552dw	D3Q17A D3Q17C D3Q17D	1629F (or higher)
HP PageWide Pro MFP 577dw	D3Q21A D3Q21C D3Q21D	1629F (or higher)
HP PageWide Pro MFP 477dw	D3Q20A D3Q20B D3Q20C D3Q20D	1629F (or higher)
HP PageWide Pro 452dw	D3Q16A D3Q16B D3Q16C D3Q16D	1629F (or higher)
HP PageWide Pro MFP 477dn	D3Q19A D3Q19D	1629F (or higher)
HP PageWide Pro 452dn	D3Q15A D3Q15B D3Q15D	1629F (or higher)
HP PageWide MFP 377dw	J9V80A J9V80B	1629F (or higher)
HP PageWide 352dw	J6U57B	1629F (or higher)
HP OfficeJet Pro 8710 All-in-One Printer	D9L18A M9L66A M9L67A	1644B (or higher)
HP OfficeJet Pro 8720 All-in-One Printer	D9L19A M9L74A M9L75A	1644B (or higher)
HP OfficeJet Pro 8730 All-in-One Printer	D9L20A	1644B (or higher)
HP OfficeJet Pro 8740 All-in-One Printer	D9L21A	1644B (or higher)
HP OfficeJet Pro 8711 All-in-One Printer	M9L68A	1644B (or higher)
HP OfficeJet Pro 8715 All-in-One Printer	J6X76A J6X78A J6X80A K7S37A M9L70A	1644B (or higher)
HP OfficeJet Pro 8716 All-in-One Printer	J6X77A	1644B (or higher)
HP OfficeJet Pro 8717 All-in-One Printer	K7S38A	1644B (or higher)
HP OfficeJet Pro 8718 All-in-One Printer	T0G47A T0G48A	1644B (or higher)
HP OfficeJet Pro 8719 All-in-One Printer	T0G49A	1644B (or higher)
HP OfficeJet Pro 8725 All-in-One Printer	J7A28A J7A31A K7S34A K7S35A M9L80A	1644B (or higher)
HP OfficeJet Pro 8727 All-in-One Printer	K7S36A	1644B (or higher)
HP OfficeJet Pro 8728 All-in-One Printer	T0G54A	1644B (or higher)
HP OfficeJet Pro 8210 Printer	D9L63A D9L64A	1617C (or higher)
HP OfficeJet Pro 8216 Printer	T0G70A	1617C (or higher)
HP OfficeJet Pro 8218 Printer	J3P68A	1617C (or higher)

...

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc_profile.

Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

PI	HP Printing and Imaging
HF	HP Hardware and Firmware
GN	HP General Software

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

To get the security-alert PGP key, please send an e-mail message as follows:

To: hp-security-alert@hp.com

Subject: get key

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

REVISION HISTORY : Version:1 (rev.1) - 26 January 2017: Initial release; Version:2 (rev.2) - 3 July 2017 Fixed broken links and processes caused by portal upgrade

SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03554 rev. 2 - Certain HP PageWide Pro printers and certain HP OfficeJet Pro printers, Denial of Service, possible execution of arbitrary code

Vulmon Search

About

Products

Connect