Title

HP Printers and Digital Senders Remote Firmware Update (RFU) Vulnerability (Cat I impact)

Discussion

Hewlett-Packard has addressed a vulnerability affecting various HP LaserJet printers and Digital Senders. To exploit this vulnerability, a remote attacker would send a malicious request to TCP port 9100 to update the HP device with malicious firmware. If successfully exploited, this vulnerability would allow a remote attacker to bypass security restrictions. At this time, there are known exploit vectors associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. HP Printers and Digital Senders Remote Firmware Update Security Bypass Vulnerability - (CVE-2011-4161): The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-31005

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.