HP Printers RCE Vulnerability

Published: 2017-11-23 09:11:12
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
Multiple HP printers are vulnerable to remote code execution (RCE) attacks.

Detection Method:
The script checks whether a vulnerable firmware version is installed on the host.

Technical Details:
A flaw in HP's Digital Signature Validation makes it possible to load malicious DLLs onto an HP printer and use it to execute arbitrary code on the machine.

Impact:
Successful exploitation would allow an attacker to execute arbitrary code on the target machine.

Affected Versions:
The following printers and firmware versions are affected:
- HP Color LaserJet Enterprise M651 (CZ255A, CZ256A, CZ257A, CZ258A) - Firmware before v 2405129_000047
- HP Color LaserJet Enterprise M652 (J7Z98A, J7Z99A) - Firmware before v 2405130_000068
- HP Color LaserJet Enterprise M653 (J8A04A, J8A05A, J8A06A) - Firmware before v 2405130_000068
- HP Color LaserJet Enterprise MFP M577 (B5L46A, B5L47A, B5L48A) - Firmware before v 2405129_000038
- HP Color LaserJet Enterprise M552 (B5L23A, B5L23V) - Firmware before v 2308903_577315
- HP Color LaserJet Enterprise M553 (B5L24A, B5L25A, B5L26A, B5L27A, B5L38A) - Firmware before v 2308903_577315
- HP Color LaserJet M680 (CZ250A, CA251A) - Firmware before v 2405129_000042
- HP Color LaserJet Managed E65050 (L3U55A) - Firmware before v 2405130_000068
- HP Color LaserJet Managed E65060 (L3U56A, L3U57A) - Firmware before v 2405130_000068
- HP LaserJet Enterprise 500 color MFP M575 (CD644A, CD645A) - Firmware before v 2405129_000045
- HP LaserJet Enterprise 500 MFP M525 (CF116A, CF117A) - Firmware before v 2405129_000048
- HP LaserJet Enterprise 700 color MFP M775 (CF304A, CC523A, CC524C, CC522A, L3U49A, L3U50A) - Firmware before v 2405129_000061
- HP LaserJet Enterprise 800 color M855 (A2W77A, A2W78A, A2W79A) - Firmware before v 2405129_000057
- HP LaserJet Enterprise 800 color MFP M880 (A2W76A, A2W75A, D7P70A, D7P71A) - Firmware before v 2405129_000054
- HP LaserJet Enterprise color flow MFP M575 (CD646A) - Firmware before v 2405129_000045
- HP LaserJet Enterprise flow M830z MFP (CF367A) - Firmware before v 2405129_000060
- HP LaserJet Enterprise flow MFP M525 (CF118A) - Firmware before v 2405129_000048
- HP LaserJet Enterprise Flow MFP M630 (B3G85A) - Firmware before v 2405129_000040
- HP LaserJet Enterprise Flow MFP M631 (J8J64A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise Flow MFP M632 (J8J72A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise Flow MFP M633 (J8J78A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise M527 (F2A76A, F2A77A, F2A81A) - Firmware before v 2405129_000039
- HP LaserJet Enterprise M607 (K0Q14A, K0Q15A) - Firmware before v 2405130_000069
- HP LaserJet Enterprise M608 (K0Q17A, K0Q18A, M0P32A, K0Q19A) - Firmware before v 2405130_000069
- HP LaserJet Enterprise M609 (K0Q20A, K0Q21A, K0Q22A) - Firmware before v 2405130_000069
- HP LaserJet Enterprise M806 (CZ244A, CZ245A) - Firmware before v 2405129_000059
- HP LaserJet Enterprise MFP M630 (J7X28A) - Firmware before v 2405129_000040
- HP LaserJet Enterprise MFP M631 (J8J63A, J8J65A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise MFP M632 (J8J70A, J8J71A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise MFP M633 (J8J76A) - Firmware before v 2405129_000041
- HP LaserJet Enterprise MFP M725 (CF066A, CF067A, CF068A, CF069A) - Firmware before v 2405129_000058
- HP LaserJet Managed E60055 (M0P33A) - Firmware before v 2405130_000069
- HP LaserJet Managed E60065 (M0P35A, M0P36A) - Firmware before v 2405130_000069
- HP LaserJet Managed E60075 (M0P39A, M0P40A) - Firmware before v 2405130_000069
- HP LaserJet Managed Flow MFP E62555 (J8J67A) - Firmware before v 2405129_000041
- HP LaserJet Managed Flow MFP E62565 (J8J74A, J8J79A) - Firmware before v 2405129_000041
- HP LaserJet Managed Flow MFP E62575 (J8J80A) - Firmware before v 2405129_000041
- HP LaserJet Managed MFP E62555 (J8J66A) - Firmware before v 2405129_000041
- HP LaserJet Managed MFP E62565 (J8J73A) - Firmware before v 2405129_000041
- HP OfficeJet Enterprise Color Flow MFP X585 (B5L06A, B5L06V, B5L07A) - Firmware before v 2405129_000050
- HP OfficeJet Enterprise Color MFP X585 (B5L04A, B5L04V, B5L05A, B5L05V) - Firmware before v 2405129_000050
- HP PageWide Enterprise Color 765 (J7Z04A) - Firmware before v 2405087_018564
- HP PageWide Enterprise Color MFP 586 (G1W39A, G1W39V, G1W40A, G1W40V) - Firmware before v 2405129_000066
- HP PageWide Enterprise Color MFP 780 (J7Z09A, J7Z10A) - Firmware before v 2405087_018548
- HP PageWide Enterprise Color MFP 785 (J7Z11A, J7Z12A) - Firmware before v 2405087_018548
- HP PageWide Enterprise Color X556 (G1W46A, G1W46V, G1W47A, G1W47V, L3U44A) - Firmware before v 2405129_000051
- HP PageWide Managed Color E55650 (L3U44A) - Firmware before v 2405129_000051
- HP PageWide Managed Color E75160 (J7Z06A) - Firmware before v 2405087_018564
- HP PageWide Managed Color Flow MFP 586 (G1W41A, G1W41V) - Firmware before v 2405129_000066
- HP PageWide Managed Color Flow MFP E77650 (J7Z08A, J7Z14A) - Firmware before v 2405087_018548
- HP PageWide Managed Color Flow MFP E77660 (Z5G77A, J7Z03A, J7Z07A, J7Z05A) - Firmware before v 2405087_018548
- HP PageWide Managed Color MFP E77650 (J7Z13A, Z5G79A) - Firmware before v 2405087_018548
- HP ScanJet Enterprise Flow N9120 Doc Flatbed Scanner (L2683A) - Firmware before v 2405087_018552
- HP Digital Sender Flow 8500 fn2 Doc Capture Workstation (L2762A) - Firmware before v 2405087_018553

Recommendations:
Update to the fixed firmware version.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-2750

References:

https://foxglovesecurity.com/2017/11/20/a-sheep-in-wolfs-clothing-finding-rce-in-hps-printer-fleet/#arbcode
https://support.hp.com/nz-en/document/c05839270

Severity:
High

CVSS Score:
7.5