Number: AV17-176
Date: 27 November 2017
Purpose
The purpose of this advisory is to bring attention to the recently released security updates for HP Enterprise printers.
Assessment
HP has released security patches to address a vulnerability of Insufficient Solution DLL Signature Validation which could allow potential execution of arbitrary code in multiple HP enterprise printers.
Affected Versions:
HP Color LaserJet Enterprise; M652, M653, M577, M552, M553
HP Color LaserJet; M680
HP Color LaserJet Managed; E65050, E65060
HP LaserJet Enterprise 500 color; MFP; M575
HP LaserJet Enterprise 500; MFP, M525
HP LaserJet Enterprise 700 color; MFP, M775
HP LaserJet Enterprise 800 color; MFP, M880, M855
HP LaserJet Enterprise color flow MFP; M575
HP LaserJet Enterprise flow; M830z, MFP, M525, M630, M631, M632, M632, M633
HP LaserJet Enterprise; MFP M630, M631, M632, M633, M725, M806
HP LaserJet Managed; E60055, E60065, E60075
HP LaserJet Managed Flow MFP; E62555, E62565, E62575
HP LaserJet Managed MFP; E62555, E62565
HP OfficeJet Enterprise Color Flow MFP; X585
HP OfficeJet Enterprise Color MFP; X585
HP PageWide Enterprise Color MFP; 586, 765, 780, 785, X556
HP PageWide Managed Color; E55650, E75160
HP PageWide Managed Color Flow; MFP, 586, E77650, E77660, E77650
HP ScanJet Enterprise Flow N9120 Doc Flatbed Scanner
HP Digital Sender Flow 8500 fn2 Doc Capture Workstation
CVE Reference: CVE-2017-2750
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications or workarounds to affected platforms accordingly.
References: