
A Vulnerability in HP Products Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2017-115

DATE(S) ISSUED:

11/27/2017

OVERVIEW:

A vulnerability has been discovered in HP Products, which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. Printers whose administrative account logins have been changed could be less impacted than those systems with default administrative credentials.

THREAT INTELLIGENCE:

There is no evidence of this vulnerability being exploited in the wild. However, the MS-ISAC has previously observed a variety of printer exploits and defacements affecting Internet-facing printers in state, local, tribal, and territorial governments, especially those located in universities, K-12 schools, and fire stations.

SYSTEMS AFFECTED:

  • HP Color LaserJet Enterprise M651 (CZ255A, CZ256A, CZ257A, CZ258A) firmware versions prior to 2405129_000047
  • HP Color LaserJet Enterprise M652 (J7Z98A, J7Z99A) firmware versions prior to 2405130_000068
  • HP Color LaserJet Enterprise M653 (J8A04A, J8A05A, J8A06A) firmware versions prior to 2405130_000068
  • HP Color LaserJet Enterprise MFP M577 (B5L46A, B5L47A, B5L48A) firmware versions prior to 2405129_000038
  • HP LaserJet Enterprise MFP M631 (J8J63A, J8J65A) firmware versions prior to 2405129_000041
  • HP LaserJet Enterprise MFP M632 (J8J70A, J8J71A) firmware versions prior to 2405129_000041
  • HP LaserJet Enterprise MFP M633 (J8J76A) firmware versions prior to 2405129_000041
  • HP LaserJet Enterprise MFP M725 (CF066A, CF067A, CF068A, CF069A) firmware versions prior to 2405129_000058
  • HP LaserJet Managed E60055 (M0P33A) firmware versions prior to 2405130_000069
  • HP LaserJet Managed E60065 (M0P35A, M0P36A) firmware versions prior to 2405130_000069
  • HP LaserJet Managed E60075 (M0P39A, M0P40A) firmware versions prior to 2405130_000069
  • HP LaserJet Managed Flow MFP E62565 (J8J74A, J8J79A) firmware versions prior to 2405129_000041
  • HP LaserJet Managed Flow MFP E62575 (J8J80A) firmware versions prior to 2405129_000041
  • HP LaserJet Managed MFP E62555 (J8J66A) firmware versions prior to 2405129_000041
  • HP LaserJet Managed MFP E62565 (J8J73A) firmware versions prior to 2405129_000041
  • HP OfficeJet Enterprise Color Flow MFP X585 (B5L06A, B5L06, B5L07A) firmware versions prior to 2405129_000050
  • HP OfficeJet Enterprise Color MFP X585 (B5L04A, B5L04, B5L05A, B5L05) firmware versions prior to 2405129_000050
  • HP PageWide Enterprise Color 765 (J7Z04A) firmware versions prior to 2405087_018564
  • HP PageWide Enterprise Color MFP 586 (G1W39A, G1W39, G1W40A, G1W40) firmware versions prior to 2405129_000066
  • HP PageWide Enterprise Color MFP 780 (J7Z09A, J7Z10A) firmware versions prior to 2405087_018548
  • HP PageWide Enterprise Color MFP 785 (J7Z11A, J7Z12A) firmware versions prior to 2405087_018548
  • HP PageWide Enterprise Color X556 (G1W46A, G1W46, G1W47A, G1W47, L3U44A) firmware versions prior to 2405129_000051
  • HP PageWide Managed Color E55650 (L3U44A) firmware versions prior to 2405129_000051
  • HP PageWide Managed Color E75160 (J7Z06A) firmware versions prior to 2405087_018564
  • HP PageWide Managed Color Flow MFP 586 (G1W41A, G1W41) firmware versions prior to 2405129_000066
  • HP PageWide Managed Color Flow MFP E77650 (J7Z08A, J7Z14A) firmware versions prior to 2405087_018548
  • HP PageWide Managed Color Flow MFP E77660 (Z5G77A, J7Z03A, J7Z07A, J7Z05A) firmware versions prior to 2405087_018548
  • HP PageWide Managed Color MFP E77650 (J7Z13A, Z5G79A) firmware versions prior to 2405087_018548
  • HP ScanJet Enterprise Flow N9120 Doc Flatbed Scanner (L2683A) firmware versions prior to 2405087_018552
  • HP Digital Sender Flow 8500 fn2 Doc Capture Workstation (L2762A) firmware versions prior to 2405087_018553

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in HP products which could allow for arbitrary code execution due to insufficient DLL signature validation. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. Printers whose administrative account logins have been changed could be less impacted than those systems with default administrative credentials.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by HP to vulnerable systems, immediately after appropriate testing.
  • Change all default printer login credentials and/or passwords.
  • Implement the same security policies for printers as would be implemented on any networked system.
  • Restrict inbound access to only authorized IP addresses, machines, and/or users.
  • Disable unnecessary functions, services, and/or ports.
  • Log printer activity and connections, and retain logs for a minimum of 90 days.
  • Implement security features offered by printer manufacturers that include measures such as hard drive encryption, automated deletion of printer jobs, and drive overwrite capabilities.
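
To support the first recommendation, the following added example (not part of the MS-ISAC advisory and not HP tooling) parses entries from the SYSTEMS AFFECTED list and flags inventory devices whose firmware is prior to the fixed version. The inventory rows, hostnames, the placeholder product number X0000A, and the assumption that firmware versions order as (revision, build) integer pairs are constructed for illustration.

```python
import re

# Four entries from the SYSTEMS AFFECTED list, product numbers in parentheses.
ADVISORY = """\
HP Color LaserJet Enterprise M651 (CZ255A, CZ256A, CZ257A, CZ258A) firmware versions prior to 2405129_000047
HP LaserJet Enterprise MFP M631 (J8J63A, J8J65A) firmware versions prior to 2405129_000041
HP PageWide Enterprise Color 765 (J7Z04A) firmware versions prior to 2405087_018564
HP LaserJet Managed E60055 (M0P33A) firmware versions prior to 2405130_000069
"""

ENTRY = re.compile(
    r"^(?P<model>.+?) \((?P<skus>[^)]+)\) firmware versions prior to (?P<fixed>\d+_\d+)$"
)

def parse_advisory(text):
    """Map each product number to (model, first fixed firmware version)."""
    fixed = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # ignore lines that are not affected-system entries
        for sku in m["skus"].split(","):
            fixed[sku.strip().upper()] = (m["model"], m["fixed"])
    return fixed

def version_key(version):
    # Assumption: versions compare as (revision, build) integer pairs.
    revision, build = version.strip().split("_")
    return int(revision), int(build)

def triage(inventory, fixed):
    """Return (host, status) for every device in the inventory."""
    results = []
    for host, sku, firmware in inventory:
        entry = fixed.get(sku.strip().upper())
        if entry is None:
            status = "NOT_LISTED"
        else:
            try:
                older = version_key(firmware) < version_key(entry[1])
                status = "VULNERABLE" if older else "PATCHED"
            except ValueError:
                # Missing or malformed version: needs a manual check.
                status = "UNKNOWN_VERSION"
        results.append((host, status))
    return results

# Constructed inventory: (hostname, product number, installed firmware).
INVENTORY = [
    ("prn-lobby", "CZ256A", "2405129_000046"),
    ("prn-hr", "J8J65A", "2405129_000041"),
    ("prn-lab", "J7Z04A", "2404090_012345"),
    ("prn-old", "X0000A", "2405129_000001"),
    ("prn-fin", "M0P33A", ""),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY, parse_advisory(ADVISORY)):
        print(f"{host:10} {status}")
```

Devices reported as UNKNOWN_VERSION should be treated as unpatched until their firmware version is confirmed.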


CIS Controls That Help Avoid This Issue:

  • CIS Control 3: Continuous Vulnerability Assessment and Remediation
  • CIS Control 7: Email and Web Browser Protections