SUPPORT COMMUNICATION - SECURITY BULLETIN HPSBPI03559 rev 1 - HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS, Cross Site Scripting (XSS)

Related Vulnerabilities: CVE-2017-2743  

HP has identified a potential security vulnerability with certain HP printers. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Potential Security Impact: Cross Site Scripting (XSS)
Reported by: Jerry Decime

VULNERABILITY SUMMARY

HP has identified a potential security vulnerability with certain HP printers. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.
Reference Number: CVE-2017-2743, PSR-2017-0008
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for the list of potentially impacted HP products
BACKGROUND
For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com
CVSS 3.0 Base Metrics
| Reference | Base Vector | Base Score |
|---|---|---|
| CVE-2017-2743 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H | 7.5 High |
RESOLUTION
HP has provided firmware updates for impacted printers as indicated in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:
  1. Select Support from the top of the page, then select Software & drivers.
  2. Enter the appropriate product name or model number from the table below into the search field.
  3. Click on Find.
  4. Scroll down and click Firmware from the category list.
  5. Click the Download button next to the firmware update and save it to a location where it can be easily retrieved.
  6. Download the README file and review the Installation Instructions section to learn how to install the firmware update.
| Product Name | Model | Firmware update version |
|---|---|---|
| HP Color LaserJet CM4540 MFP | CC419A, CC420A, CC421A | v 2308214_000901 (or higher) |
| HP Color LaserJet CP5525 | CE707A, CE708A, CE709A | v 2308214_000900 (or higher) |
| HP LaserJet Enterprise M4555 MFP | CE503A, CE504A, CE738A | v 2308214_000904 (or higher) |
| HP LaserJet Enterprise 600 M601 | CE989A, CE990A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise 600 M602 | CE991A, CE992A, CE993A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise 600 M603xh | CE994A, CE995A, CE996A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise Color 500 M551 Series | CF081A, CF082A, CF083A | v 2308214_000927 (or higher) |
| HP Scanjet Enterprise 8500 Document Capture Workstation | L2717A | v 2308214_000903 (or higher) |
| HP LaserJet Enterprise 500 color MFP M575dn | CD644A, CD645A | v 2308214_000925 (or higher) |
| HP LaserJet Enterprise 500 MFP M525f | CF116A, CF117A | v 2308214_000913 (or higher) |
| HP LaserJet Enterprise 700 color MFP M775 series | CC522A, CC523A, CC524A | v 2308214_000932 (or higher) |
| HP LaserJet Enterprise 700 M712xh | CF235A, CF236A, CF238A | v 2308214_000922 (or higher) |
| HP LaserJet Enterprise color flow MFP M575c | CD646A | v 2308214_000925 (or higher) |
| HP LaserJet Enterprise flow MFP M525c | CF118A | v 2308214_000913 (or higher) |
| HP LaserJet Enterprise MFP M725 | CF066A, CF067A, CF068A, CF069A | v 2308214_000921 (or higher) |
| HP Color LaserJet Enterprise M750 | D3L08A, D3L09A, D3L10A | v 2308214_000931 (or higher) |
| HP LaserJet Enterprise 800 color M855 | A2W77A, A2W78A, A2W79A | v 2308214_000930 (or higher) |
| HP LaserJet Enterprise 800 color MFP M880 | A2W76A, A2W75A, D7P70A, D7P71A | v 2308214_000928 (or higher) |
| HP LaserJet Enterprise flow M830z MFP | CF367A | v 2308214_000916 (or higher) |
| HP LaserJet Enterprise M806 | CZ244A, CZ245A | v 2308214_000920 (or higher) |
| HP Color LaserJet Enterprise M651 | CZ255A, CZ256A, CZ257A, CZ258A | v 2308214_000929 (or higher) |
| HP Color LaserJet M680 | CZ250A, CZ251A | v 2308214_000915 (or higher) |
| HP OfficeJet Enterprise Color MFP X585 | B5L04A, B5L05A, B5L07A | v 2308214_000902 (or higher) |
| HP OfficeJet Enterprise Color X555 | C2S11A, C2S12A | v 2308214_000906 (or higher) |
| HP LaserJet Enterprise MFP M630 | J7X28A | v 2308214_000912 (or higher) |
| HP Color LaserJet Enterprise M552 | B5L23A | v 2308214_000907 (or higher) |
| HP Color LaserJet Enterprise M553 | B5L24A, B5L25A, B5L26A | v 2308214_000907 (or higher) |
| HP LaserJet Enterprise M604 | E6B67A, E6B68A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise M605 | E6B69A, E6B70A, E6B71A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise M606 | E6B72A, E6B73A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise Flow MFP M630z | B3G85A | v 2308214_000912 (or higher) |
| HP Color LaserJet Enterprise MFP M577 | B5L46A, B5L47A, B5L48A | v 2308214_000909 (or higher) |
| HP LaserJet Enterprise M506 | 2A68A, F2A69A, F2A70A, F2A71A | v 2308214_000911 (or higher) |
| HP LaserJet Enterprise M527 | F2A76A, F2A77A, F2A81A | v 2308214_000905 (or higher) |
| HP PageWide Enterprise Color X556 | G1W46A, G1W46V, G1W47A, G1W47V, L3U44A | v 2308214_000910 (or higher) |
| HP PageWide Enterprise Color MFP X586 | G1W40A, G1W39A, G1W41A, L3U43A, L3U42A | v 2308214_000923 (or higher) |
...
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send an e-mail to hp-security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc_profile.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI = HP Printing and Imaging
HF = HP Hardware and Firmware
ST = HP Storage Software
GN = HP General Software
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: hp-security-alert@hp.com.
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY:
15 June 2017: Initial release.
28 June 2017: Edited firmware update version for HP LaserJet Enterprise 700 color MFP M775 series and HP Color LaserJet Enterprise M750; edited update instructions for clarity.