===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.2279
HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution
7 August 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           HP Ink Printers
Publisher:         Hewlett-Packard
Operating System:  Printer
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5925 CVE-2018-5924

Original Bulletin:
   https://support.hp.com/us-en/document/c06097712

--------------------------BEGIN INCLUDED TEXT--------------------

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c06097712
Version: 2

HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution

Notice: The information in this security bulletin should be acted upon as soon as possible.

Release date: 01-Aug-2018
Last updated: 03-Aug-2018

Potential Security Impact:
Reported by: TBA
Source: HP, HP Product Security Response Team (PSRT)

VULNERABILITY SUMMARY

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

Reference Number
CVE-2018-5924, CVE-2018-5925, PSR-2018-0072

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

See RESOLUTION section.

BACKGROUND

For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com

CVSS 3.0 Base Metrics

Reference        Base Vector                                     Base Score
CVE-2018-5924    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H    9.8 (Critical)
CVE-2018-5925    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H    9.8 (Critical)

RESOLUTION

HP has provided firmware updates for impacted printers as set forth in the table below.
To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software. For guidance on how to update your product firmware, go to the Upgrading Printer Firmware page and follow the instructions provided.

Pagewide Pro

Product Name                                      Product Number    Firmware Revision
HP PageWide 352dw                                 J6U57B            001.1829A
HP PageWide Managed MFP P57750dw                  J9V82A            001.1829A
                                                  J9V82B
                                                  J9V82C
                                                  J9V82D
HP PageWide Managed MFP P77740dn                  Y3Z57             005.1828A
HP PageWide Managed MFP P77740dw                  W1B33             005.1828A
HP PageWide Managed MFP P77740z                   W1B39             005.1828A
HP PageWide Managed MFP P77750z                   W1B37             005.1828A
HP PageWide Managed MFP P77760z                   W1B38             005.1828A
HP PageWide Managed P55250dw                      J6U55A            001.1829A
                                                  J6U55B
                                                  J6U55C
                                                  J6U55D
HP PageWide Managed P75050dn                      Y3Z45             005.1828A
HP PageWide Managed P75050dw                      Y3Z47             005.1828A
HP PageWide MFP 377dw                             J9V80A            001.1829A
                                                  J9V80B
HP PageWide Pro 452dn                             D3Q15A            001.1829A
                                                  D3Q15B
                                                  D3Q15D
HP PageWide Pro 552dw                             D3Q17A            001.1829A
                                                  D3Q17C
                                                  D3Q17D
HP PageWide Pro 750dn                             Y3Z46             005.1828A
HP PageWide Pro 750dw                             Y3Z44             005.1828A
HP PageWide Pro MFP 477dn                         D3Q19A            001.1829A
                                                  D3Q19D
HP PageWide Pro MFP 477dw                         D3Q20A            001.1829A
                                                  D3Q20B
                                                  D3Q20C
                                                  D3Q20D
HP PageWide Pro MFP 577dw                         D3Q21A            001.1829A
                                                  D3Q21C
                                                  D3Q21D
HP PageWide Pro MFP 577z                          K9Z76A            001.1829A
                                                  K9Z76D
HP PageWide Pro MFP 772dn                         W1B31             005.1828A
HP PageWide Pro MFP 772dw                         Y3Z54             005.1828A
HP PageWide Pro 452dw                             D3Q16A            001.1829A
                                                  D3Q16B
                                                  D3Q16C
                                                  D3Q16D

HP DesignJet

Product Name                                      Product Number    Firmware Revision
HP DesignJet rugged case                          N9M07A            1829A
HP Designjet T120 24-in ePrinter                  CQ891A            1829B
HP Designjet T120 24-in Printer                   CQ891B            1829B
HP Designjet T120 24-in Printer (2018 edition)    CQ891C            1829B
HP Designjet T120 24-in Rmkt ePrinter             CQ891AR           1829B
HP Designjet T520 24-in ePrinter                  CQ890A            1829B
HP Designjet T520 24-in Printer                   CQ890B            1829B
HP Designjet T520 24-in Printer (2018 edition)    CQ890C            1829B
HP Designjet T520 24-in Printer (2018 edition)    CQ890D            1829B
HP Designjet T520 24-in Printer (2018 edition,    CQ890E            1829B
  legless)
HP Designjet T520 24-in Rmkt ePrinter             CQ890AR           1829B
HP Designjet T520 36-in ePrinter                  CQ893A            1829B
HP Designjet T520 36-in Printer                   CQ893B            1829B
HP Designjet T520 36-in Printer (2018 edition)    CQ893C            1829B
HP Designjet T520 36-in Printer (2018 edition,    CQ893E            1829B
  legless)
HP Designjet T520 36-in Rmkt ePrinter             CQ893AR           1829B
HP DesignJet T730 36in Printer                    F9A29A            1829A
HP DesignJet T730 36in Printer                    F9A29B            1829A
HP Designjet T730 with Rugged Case                T5D66A            1829A
HP DesignJet T830 24in eMFP Printer               F9A28A            1829A
HP DesignJet T830 24-in MFP Printer               F9A28B            1829A
HP DesignJet T830 MFP with Armor Case             1JL02B            1829A
HP DesignJet T830 MFP with Armour Case            1JL02A            1829A
HP DesignJet T830 MFP with Rugged Case            T5D67A            1829A

HP Officejet, HP Deskjet and HP Envy

Product Name                                      Product Number    Firmware Revision
HP AMP 1xx Printer series                         T8X39 - T8X44     1828A
                                                  1SH08
                                                  3AW44A - 3AW51A
HP Deskjet 2540 All-in-One                        A9U19A - A9U28B   1828B
                                                  D3A78B - D3A82A
HP DeskJet 2600 All-in-One Printer                4UJ28B            1828A
                                                  V1N01A - V1N08A
                                                  Y5H60A - Y5H80A
HP DeskJet 2600 All-in-One Printer                CZ992A            1828A
                                                  L9D57A
                                                  N4L17A
HP Deskjet 2620 Ink Advantage series              D4H22A - D4H24B   1826A
HP Deskjet 3540 series                            A9T81A            1828A
                                                  A9T81C
                                                  A9T83B
HP DeskJet 3630 series                            F5S43A - F5S57A   1829A
                                                  K4T93A - K4T99B
                                                  K4U00B - K4U04B
HP DeskJet 3700 All-in-One Printer series         J9V86A            1828A
HP DeskJet 3700 All-in-One Printer series         J9V86A - J9V96A   1828A
                                                  T8W51A - T8W73A
HP Deskjet 4510 series                            A9J41 - A9J43     1828B
HP DeskJet 4530 series                            F0V64 - F0V66     1827B
                                                  J6U63
                                                  W3U23 - W3U24
HP DeskJet 4720 series                            F5S65A - F5S66A   1829A
                                                  L8L91A
HP DeskJet 5000 series                            M2U86 - M2U90     1828A
HP DeskJet 5275 All-in-One Printer                M2U76 - M2U80     1828A
HP DeskJet 5640 series                            B9S57C            1821B
HP DeskJet 5730 series                            F5S60A - F5S61A   1824A
                                                  T0A23A - T0A25A
HP DeskJet GT 5820 All-in-One Printer series      M2Q28A            1829A
                                                  P0R21A
                                                  X3B09A
                                                  2ND31A
HP Deskjet Ink Advantage 2540 All-in-One          A9U23 - A9U28     1828B
HP DeskJet Ink Advantage 2600 All-in-One Printer  V1N02A - V1N02C   1828A
HP DeskJet Ink Advantage 2600 All-in-One Printer  Y5Z00A - Y5Z07B   1828A
HP DeskJet Ink Advantage 3630 All-in-One Printer  F5S43 - F5S57     1829A
                                                  K9U05B
HP DeskJet Ink Advantage 3700 All-in-One Printer  1DT61A - 1DT62A   1828A
  series                                          3YZ74A - 3YZ75A
                                                  4SC29A - 4SC30A
                                                  J9V87A - J9V89B
                                                  T8W35A - T8W50C
HP Deskjet Ink Advantage 3830 e-All-in-One        F5R96A - F5R98B   1825A
  Printer                                         K7V42C - K7V43C
HP Deskjet Ink Advantage 4615 All-in-One Printer  CZ283A - CZ283C   1829A
HP Deskjet Ink Advantage 4625 e-All-in-One        CZ284A - CZ284C   1829A
HP Deskjet Ink Advantage 4640 e-All-in-One        B4L08A - B4L10A   1825A
  Printer series
HP DeskJet Ink Advantage 4670 All-in-One Printer  F1H97 - F1H199    1826A
HP Deskjet Ink Advantage 5525 e-All-in-One        CZ282A - CZ282C   1828B
HP DeskJet Ink Advantage 5570 All-in-One printer  G0V48B            1821A
                                                  G0V48C
HP Deskjet Ink Advantage 6525 e-All-in-One        CZ276A - CZ76C    1828B
HP Envy 120 Series                                CQ176 - CQ190     1827A
HP ENVY 4500 series                               A9T80A            1828A
                                                  A9T80B
                                                  A9T89A
                                                  D3P93A
HP ENVY 4510 All-in-One Printer                   K9H48 - K9H57     1827B
HP ENVY 4520 series                               F0V63             1827B
                                                  F0V67 - F0V74
                                                  K9T01 - K9T10
                                                  J6U59 - J6U62
                                                  J6U69 - J6U70
                                                  K9H57
                                                  W3U25 - W3U27
HP ENVY 5000 series                               M2U85             1828A
                                                  M2U91-M2U94
                                                  Z4A54 - Z4A78
HP ENVY 5530 series                               A9J40A - A9J48B   1828B
                                                  D4J85B - D4J86B
HP ENVY 5540 All-in-One Printer                   G0V47             1821A
                                                  G0450 - G0V56
                                                  K7C84 - K7C93
                                                  K7G86 - K7G90
HP ENVY 5640 series                               B9S56A            1824A
                                                  B9S58A - B9S65A
                                                  F8B05A
                                                  F8B13A
HP ENVY 5660 series                               F8B04A            1824A
                                                  F8B06A - F8B08A
                                                  F8B12A
HP ENVY 7640 series                               E4W43-E4W48       1825C
HP ENVY Photo 6200 All-in-One Printer series      K7G18A-K7G29A     1829D
HP ENVY Photo 7100 All-in-One Printer series      K7G93A-K7G99      1829D
HP ENVY Photo 7100 All-in-One Printer series      K7S00A            1829D
HP Ink Tank 310                                   Z6Z11A            1737J
                                                                    1805J
HP Ink Tank Wireless 410                          Z4B53A - Z4B55A   1737J
                                                  Z6Z95A            1805J
                                                  Z6Z97A
HP Officejet Pro X451dn Printer                   CN459A            1829B
HP Officejet Pro X451dw Printer                   CN463A            1829B
HP Officejet Pro X476dn MFP                       CN460A            1829B
HP Officejet Pro X476dw MFP                       CN461A            1829B
HP Officejet Pro X551dw Printer                   CV037A            1829B
HP Officejet Pro X576dn MFP                       CN462A            1829B
HP Officejet Pro X576dw MFP                       C598A             1829B
HP OfficeJet 200 Mobile series                    CZ993A            1827A
                                                  L9B95A
HP OfficeJet 202 Mobile series                    N4L14C            1827A
                                                  N4K99C
HP OfficeJet 252 Mobile All-in-One                N4L18C            1828A
HP Officejet 2620 series                          D4H21A - D4H21B   1826A
                                                  D4H25A - D4H29B
HP Officejet 3830 e-All-in-One Printer            F5R95             1825A
                                                  F5S00 - F5S04
                                                  K7V35 - K7V49
HP Officejet 4610 e-All-in-One Printer            CR771A            1829A
HP Officejet 4620 e-All-in-One Printer            CZ152A - CZ152C   1829A
HP Officejet 4622 e-All-in-One Printer            CZ294A - CZ296B   1829A
HP Officejet 4630 e-All-in-One Printer series     B4L03 - B4L07A    1825A
                                                  D4J74 - D4J78
HP OfficeJet 4650 All-in-One Printer              F1H96             1826A
                                                  F1J00 - F1J07
                                                  F9D36 - F9D38
                                                  K9V76 - K9V85
                                                  V6D27 - V6D32
HP OfficeJet 5200 All-in-One Printer              M2U75             1828A
                                                  M2U81-M2U84
                                                  Z4B12 - Z4B36
HP Officejet 5740 series                          B9S76-B9S85       1825A
                                                  F8B09-F8B11
                                                  T1P36-T1P38
HP Officejet 6220 / HP Officejet Pro 6230         E3E03A            1827A
  ePrinter                                        C9S13A
HP OfficeJet 6600 e-All-in-One                    CN581A            1827D
HP OfficeJet 6700 Premium e-All-in-One            CN583A            1827D
HP Officejet 6810/6820 e-All-in-One Printer       F0M65A            1828A
                                                  G1W52A
HP OfficeJet 6950 All-in-One                      P4C78A - P4C87A   1828A
                                                  T3P03A
                                                  T3P04A
HP OfficeJet 6960 All-in-One                      J7K33A - J7K39A   1828A
  HP OfficeJet Pro 6960 All-in-One                T0F28A - T0F38A
                                                  T0G25A - T0G26A
HP Officejet 7110 Wide Format ePrinter            CR768A            1827A
HP Officejet 7510 Wide Format All-in-One Printer  G3J47A            1829A
HP Officejet 7610 series Wide Format              CR769A            1828B
  e-All-in-One Printer
HP Officejet 7612 Wide Format e-All-in-One        G1X85A            1829A
HP Officejet Pro 251dw Printer                    CV136A            1828A
HP Officejet Pro 276dw Multifunction Printer      CR7770A           1829A
HP Officejet Pro 3610 Black and White Printer     CZ292A            1828A
HP Officejet Pro 3620 Black and White Printer     CZ293A            1828A
HP Officejet Pro 6830 e-All-in-One Printer        E3E02A            1828A
                                                  J2D37A
HP OfficeJet Pro 6970 All-in-One Printer          J7K34A - J7K42A   1828A
                                                  T0F29A - T0F40A
HP OfficeJet Pro 7720 Wide Format All-in-One      Y0S18A            1830A
HP OfficeJet Pro 7730 Wide Format All-in-One      Y0S19A            1830A
HP OfficeJet Pro 7740 Wide Format All-in-One      G5J38A            1828A
                                                  T1P99
                                                  T1Q00 - T1Q02
HP OfficeJet Pro 8210 Printer                     D9L63A            1827B
  HP OfficeJet Pro 8216                           D9L64A
                                                  T0G70A
                                                  J3P68A
HP OfficeJet Pro 8600A e-All-in-One               CM749A            1829A
HP OfficeJet Pro 8600A Plus e-All-in-One          CM750A            1829A
HP OfficeJet Pro 8600A Premium e-All-in-One       CN577A            1829A
HP Officejet Pro 8610 e-All-in-One Printer        A7F64A            1828A
                                                  D7Z36A
                                                  E1D34A
                                                  J5T77A
                                                  T0K98A
HP Officejet Pro 8620 e-All-in-One Printer        A7F65A            1828A
                                                  D7Z37A
HP Officejet Pro 8630 e-All-in-One Printer        A7F66A            1828A
HP Officejet Pro 8640 e-All-in-One Printer        E2D42A            1828B
HP Officejet Pro 8660 e-All-in-One Printer        E1D36A            1828A
HP OfficeJet Pro 8710 All-in-One Printer          D9L18A            1828A
                                                  J6X76A - J6X78A
                                                  J6X80A - J6X81A
                                                  K7S37A - K7S38A
                                                  M9L65A - M9L66A
                                                  M9L70A
                                                  M9L81A
                                                  T0G45A - T0G49A
HP OfficeJet Pro 8720 All-in-One Printer          D9L19A            1828A
                                                  J7A28A
                                                  J7A31A
                                                  K7S34A - K7S36A
                                                  M9L73A - M9L75A
                                                  M9L80A
                                                  T0G50A - T0G51A
                                                  T0G54A
                                                  T6T77A
HP OfficeJet Pro 8730                             D9L20A            1827B
HP OfficeJet Pro 8732M All-in-One Printer         T0G56A - T0G59A   1827A
HP OfficeJet Pro 8740                             K7S42A            1827B
HP Photosmart 5510 series                         CQ176-CQ190       TBD
HP Photosmart 5510d series                        CQ761-CQ769       1829B
HP Photosmart 5520 series e-All-in-One            CX042 - CX049     1828B
  HP Photosmart 5521 e-All-in-One
  HP Photosmart 5522 e-All-in-One
  HP Photosmart 5524 e-All-in-One
  HP Photosmart 5525 e-All-in-One
HP Photosmart 6510 series                         CQ761-CQ769       1829B
HP Photosmart 6520 e-All-in-One                   CX017A - CX021C   1828B
HP Photosmart 7520 series                         CZ025A            1826A
                                                  CZ045A - CZ046A
HP Photosmart Plus All-in-One B210 series         B210              1829A
HP Smart Tank Wireless 450                        Z4B07A            1737J
                                                  Z4B56A            1805J

...

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php-lang=en&cc=US&jumpid=hpsc_profile.

Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

PI   HP Printing and Imaging
HF   HP Hardware and Firmware
GN   HP General Software

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows:

  To: hp-security-alert@hp.com
  Subject: get key

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

REVISION HISTORY:
1 August 2018: Initial Release.
2 August 2018: Updated product table.
(C) Copyright 2018 HP Development Company, L.P.

HP Inc. shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================