SUPPORT COMMUNICATION - SECURITY BULLETIN HPSBPI03596 rev. 2 - HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, Execution of Arbitrary Code

Related Vulnerabilities: CVE-2018-5923  

Potential Security Impact:
Execution of arbitrary code.
Source: HP, HP Product Security Response Team (PSRT)

VULNERABILITY SUMMARY

Solution application signature checking may allow potential execution of arbitrary code.
Reference Number: CVE-2018-5923, PSR-2018-0047
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for the list of potentially impacted HP products.
BACKGROUND
For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com.
CVSS 3.0 Base Metrics
CVE-2018-5923: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, 8.1 High
RESOLUTION
HP has provided firmware updates for impacted printers as indicated in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:
  1. Select Support from the top of the page, and then select Software & drivers.
  2. Click Printer, and then type the appropriate product name or model number from the table below into the search field.
  3. Click Submit.
  4. Scroll down and click Firmware from the category list.
  5. Click Download for the appropriate firmware.
Note: Some FutureSmart printers have two available firmware platforms: FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.
Temporary Mitigation Settings:
The vulnerability can be prevented in the short term by either of the following actions:
  • Set an Embedded Web Server (EWS) administrator password
    Browse to the printer EWS, select the Security tab, and then set the password in the Local Administrator Password section.
  • Disable the "Allow firmware upgrades sent as print jobs (Port 9100)" setting
    Browse to the printer EWS, select the Security tab, and then disable the setting in the Firmware Upgrade Security section.
See page 35 for EWS administrator password configuration.
See page 37 for Allow firmware upgrades sent as print jobs configuration.

Firmware update table

| Product name | Product number | Firmware revision |
|---|---|---|
| HP Color LaserJet CM4540 MFP | CC419A, CC420A, CC421A | FS3: 2308974_579754 (or higher) |
| HP Color LaserJet CP5525 | CE707A, CE708A, CE709A | FS3: 2308974_579753 (or higher) |
| HP Color LaserJet Enterprise Flow MFP M681f, z | J8A12A, J8A13A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Enterprise Flow MFP M682z | J8A17A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Enterprise M552 | B5L23A | FS3: 2308974_579763 (or higher) |
| HP Color LaserJet Enterprise M553 | B5L24A, B5L25A, B5L26A | FS3: 2308974_579763 (or higher) |
| HP Color LaserJet Enterprise M651 | CZ255A, CZ256A, CZ257A, CZ258A | FS3: 2308974_579770 (or higher); FS4: 2406048_029632 (or higher) |
| HP Color LaserJet Enterprise M652n, dn | J7Z98A, J7Z99A | FS4: 2406087_000016 (or higher) |
| HP Color LaserJet Enterprise M653dn, dh, x | J8A04A, J8A05A, J8A06A | FS4: 2406087_000016 (or higher) |
| HP Color LaserJet Enterprise M750 | D3L08A, D3L09A, D3L10A | FS3: 2308974_579776 (or higher) |
| HP Color LaserJet Enterprise MFP M577 | B5L46A, B5L47A, B5L48A, B5L49A, B5L50A, B5L54A | FS3: 2308974_579760 (or higher); FS4: 2406048_029627 (or higher) |
| HP Color LaserJet Enterprise MFP M681dh, f | J8A10A, J8A11A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Enterprise MFP M682dh | J8A16A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet M680 | CZ250A, CA251A, CZ248A, CZ249A | FS3: 2308974_579771 (or higher); FS4: 2406048_029633 (or higher) |
| HP Color LaserJet Managed E55040dw | 3GX98A | FS4: 2406048_029643 (or higher) |
| HP Color LaserJet Managed E65050dn | L3U55A | FS4: 2406087_000016 (or higher) |
| HP Color LaserJet Managed E65060dn, x | L3U56A, L3U57A | FS4: 2405130_000068 (or higher) |
| HP Color LaserJet Managed Flow MFP E57540c | 3GY26A | FS4: 2406048_029627 (or higher) |
| HP Color LaserJet Managed Flow MFP E67550f | L3U67A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Managed Flow MFP E67560z | L3U70A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Managed Flow MFP E77822/25/30z | X3A77A, X3A80A, X3A83A | FS4: 2406048_029616 (or higher) |
| HP Color LaserJet Managed Flow MFP E87640/50/60z | X3A86A, X3A89A, X3A92A | FS4: 2406048_029615 (or higher) |
| HP Color LaserJet Managed Flow MFP E87640z | X3A86A, X3A89A, X3A92A | FS4: 2406048_029615 (or higher) |
| HP Color LaserJet Managed MFP E57540dn | 3GY25A | FS4: 2406048_029627 (or higher) |
| HP Color LaserJet Managed MFP E67550dh | L3U66A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Managed MFP E67560dh | L3U69A | FS4: 2406087_000017 (or higher) |
| HP Color LaserJet Managed MFP E77822/25/30dn | X3A78A, X3A81A, X3A84A | FS4: 2406048_029616 (or higher) |
| HP Color LaserJet Managed MFP E87640/50/60dn | X3A87A, X3A90A, X3A93A | FS4: 2406048_029615 (or higher) |
| HP Color LaserJet Managed MFP E87640dn | X3A87A, X3A90A, X3A93A | FS4: 2406048_029615 (or higher) |
| HP Digital Sender Flow 8500 fn2 Document Capture Workstation | L2762A | FS3: 2308937_578483 (or higher); FS4: 2406048_029623 (or higher) |
| HP LaserJet Enterprise 500 color MFP M575dn | CD644A, CD645A | FS3: 2308974_579774 (or higher); FS4: 2406048_029634 (or higher) |
| HP LaserJet Enterprise 500 MFP M525f | CF116A, CF117A, L3U59A, L3U60A | FS3: 2308974_579765 (or higher); FS4: 2406048_029635 (or higher) |
| HP LaserJet Enterprise 600 M601 | CE989A, CE990A | FS3: 2308974_579777 (or higher) |
| HP LaserJet Enterprise 600 M602 | CE991A, CE992A, CE993A | FS3: 2308974_579777 (or higher) |
| HP LaserJet Enterprise 600 M603xh | CE994A, CE995A, CE996A | FS3: 2308974_579777 (or higher) |
| HP LaserJet Enterprise 700 color MFP M775 series | CC522A, CC523A, CC524A | FS3: 2308974_579779 (or higher) |
| HP LaserJet Enterprise 700 M712xh | CF235A, CF236A, CF238A | FS3: 2308974_579775 (or higher) |
| HP LaserJet Enterprise 800 color M855 | A2W77A, A2W78A, A2W79A, D7P73A | FS3: 2308974_579768 (or higher); FS4: 2406048_029621 (or higher) |
| HP LaserJet Enterprise 800 color MFP M880 | A2W76A, A2W75A, D7P70A, D7P71A, D7P68A, L3U51A, L3U52A, L3U65A | FS3: 2308974_579767 (or higher); FS4: 2406048_029641 (or higher) |
| HP LaserJet Enterprise Color 500 M551 Series | CF081A, CF082A, CF083A | FS3: 2308974_579778 (or higher) |
| HP LaserJet Enterprise color Flow MFP M575c | CD646A | FS3: 2308974_579774 (or higher); FS4: 2406048_029634 (or higher) |
| HP LaserJet Enterprise Flow M830z MFP | CF367A | FS3: 2308974_579769 (or higher); FS4: 2406048_029645 (or higher) |
| HP LaserJet Enterprise Flow MFP M525c | CF118A | FS3: 2308974_579765 (or higher); FS4: 2406048_029635 (or higher) |
| HP LaserJet Enterprise Flow MFP M630z | B3G85A | FS3: 2308974_579755 (or higher); FS4: 2406048_029631 (or higher) |
| HP LaserJet Enterprise Flow MFP M631h | J8J64A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise Flow MFP M632z | J8J72A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise Flow MFP M633z | J8J78A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise M4555 MFP | CE503A, CE504A, CE738A | FS3: 2308974_579757 (or higher) |
| HP LaserJet Enterprise M506 | F2A68A, F2A69A, F2A70A, F2A71A | FS3: 2308974_579764 (or higher) |
| HP LaserJet Enterprise M604 | E6B67A, E6B68A | FS3: 2308974_579762 (or higher) |
| HP LaserJet Enterprise M605 | E6B69A, E6B70A, E6B71A | FS3: 2308974_579762 (or higher) |
| HP LaserJet Enterprise M606 | E6B72A, E6B73A | FS3: 2308974_579762 (or higher) |
| HP LaserJet Enterprise M607n, dn | K0Q14A, K0Q15A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Enterprise M608n, dn, dh, x | K0Q17A, K0Q18A, M0P32A, K0Q19A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Enterprise M609dh, dn, x | K0Q20A, K0Q21A, K0Q22A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Enterprise M806 | CZ244A, CZ245A | FS3: 2308974_579772 (or higher); FS4: 2406048_029646 (or higher) |
| HP LaserJet Enterprise MFP M527 | F2A76A, F2A77A, F2A81A | FS3: 2308974_579761 (or higher); FS4: 2406048_029628 (or higher) |
| HP LaserJet Enterprise MFP M630 | J7X28A, B3G84A, B3G86A | FS3: 2308974_579755 (or higher); FS4: 2406048_029631 (or higher) |
| HP LaserJet Enterprise MFP M631dn, z | J8J63A, J8J65A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise MFP M632h, fht | J8J70A, J8J71A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise MFP M633fh | J8J76A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Enterprise MFP M725 | CF066A, CF067A, CF068A, CF069A | FS3: 2308974_579773 (or higher); FS4: 2406048_029644 (or higher) |
| HP LaserJet Managed E50045dw | 3GN19A | FS4: 2406048_029640 (or higher) |
| HP LaserJet Managed E60055dn | M0P33A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Managed E60065dn, x | M0P35A, M0P36A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Managed E60075dn, x | M0P39A, M0P40A | FS4: 2406048_029638 (or higher) |
| HP LaserJet Managed Flow MFP E52545c | 3GY20A | FS4: 2406048_029628 (or higher) |
| HP LaserJet Managed Flow MFP E62555dn | J8J67A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Managed Flow MFP E62565h, z | J8J74A, J8J79A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Managed Flow MFP E62575z | J8J80A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Managed Flow MFP E72525/30/35z | X3A59A, X3A62A, X3A65A | FS4: 2406048_029614 (or higher) |
| HP LaserJet Managed Flow MFP E82540/50/60z | X3A68A, X3A71A, X3A74A | FS4: 2406048_029617 (or higher) |
| HP LaserJet Managed MFP E52545dn | 3GY19A | FS4: 2406048_029628 (or higher) |
| HP LaserJet Managed MFP E62555dn | J8J66A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Managed MFP E62565hs | J8J73A | FS4: 2406048_029629 (or higher) |
| HP LaserJet Managed MFP E72525/30/35dn | X3A60A, X3A63A, X3A66A | FS4: 2406048_029614 (or higher) |
| HP LaserJet Managed MFP E82540/50/60dn | X3A69A, X3A72A, X3A75A | FS4: 2406048_029617 (or higher) |
| HP OfficeJet Enterprise Color Flow MFP X585 | B5L06A, B5L06V, B5L07A | FS3: 2308974_579759 (or higher); FS4: 2406048_029636 (or higher) |
| HP OfficeJet Enterprise Color MFP X585 | B5L04A, B5L04V, B5L05A, B5L05V, L3U40A, L3U41A | FS3: 2308974_579759 (or higher); FS4: 2406048_029636 (or higher) |
| HP OfficeJet Enterprise Color X555dn, xh | C2S11A, C2S11V, C2S12A, C2S12V, L1H45A | FS3: 2308974_579758 (or higher); FS4: 2406048_029642 (or higher) |
| HP PageWide Enterprise Color 765dn | J7Z04A | FS4: 2406048_029619 (or higher) |
| HP PageWide Enterprise Color MFP 586dn, f | G1W39A, G1W39V, G1W40A, G1W40V | FS3: 2308974_579780 (or higher); FS4: 2406048_029624 (or higher) |
| HP PageWide Enterprise Color MFP 780f, dn | J7Z09A, J7Z10A | FS4: 2406048_029621 (or higher) |
| HP PageWide Enterprise Color MFP 785f, zs | J7Z11A, J7Z12A | FS4: 2406048_029621 (or higher) |
| HP PageWide Enterprise Color X556dn, xh | G1W46A, G1W46V, G1W47A, G1W47V, L3U44A | FS3: 2308974_579766 (or higher); FS4: 2406048_029637 (or higher) |
| HP PageWide Managed Color E55650dn | L3U44A | FS3: 2308974_579766 (or higher); FS4: 2406048_029637 (or higher) |
| HP PageWide Managed Color E75160dn | J7Z06A | FS4: 2406048_029619 (or higher) |
| HP PageWide Enterprise Color Flow MFP 586z | G1W41A, G1W41V | FS3: 2308974_579780 (or higher); FS4: 2406048_029624 (or higher) |
| HP PageWide Managed Color Flow MFP E58650z | L3U43A | FS3: 2308974_579780 (or higher); FS4: 2406048_029624 (or higher) |
| HP PageWide Managed Color Flow MFP E77650z, zs | J7Z08A, J7Z14A | FS4: 2406048_029621 (or higher) |
| HP PageWide Managed Color Flow MFP E77660dn, z, zs, zts | Z5G77A, J7Z03A, J7Z07A, J7Z05A | FS4: 2406048_029621 (or higher) |
| HP PageWide Managed Color MFP E58650dn | L3U42A | FS3: 2308974_579780 (or higher); FS4: 2406048_029624 (or higher) |
| HP PageWide Managed Color MFP E77650dn, dns | J7Z13A, Z5G79A | FS4: 2406048_029621 (or higher) |
| HP Scanjet Enterprise 8500 Document Capture Workstation | L2717A | FS3: 2308974_579756 (or higher) |
| HP ScanJet Enterprise Flow N9120 Document Flatbed Scanner | L2683A | FS4: 2406048_029625 (or higher) |

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit https://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://www.hp.com/go/alerts.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI = HP Printing and Imaging
HF = HP Hardware and Firmware
GN = HP General Software
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY : Version 1 - 15 October 2018: Initial release; Version 2 - 19 October 2018: Updated product firmware table.