Error:

Javascript is disabled in this browser. This page requires Javascript. Modify your browser's settings to allow Javascript to execute. See your browser's documentation for specific instructions.

hp-support-head-portlet

Actions

HP Customer Support - Knowledge Base

hp-contact-secondary-navigation-portlet

Actions

hp-share-print-widget-portlet

Actions

Information

Need Windows 11 help?
Check the information on compatibility, upgrade, and available fixes from HP and Microsoft. Windows 11 Support Center

Feedback

hp-concentra-wrapper-portlet

Actions

SUPPORT COMMUNICATION- SECURITY BULLETIN

Document ID: c05872536

Version: 1

HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities

Notice: The information in this security bulletin should be acted upon as soon as possible.

Release date : 09-Jan-2018

Last updated : 09-Jan-2018

Potential Security Impact:

KRACK Attacks

VULNERABILITY SUMMARY

On October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail.

The HP printing devices and networking accessories listed below are susceptible to the applicable vulnerabilities (CVE) noted in the References section below. However, the vulnerabilities described in the CVEs can be mitigated for each of these devices and accessories as set forth in the Workarounds section below.

HP LaserJet Enterprise printers and multifunction printers
HP LaserJet Managed printers and multifunction printers
HP LaserJet Pro printers and multifunction printers
HP PageWide Enterprise printers and multifunction printers
HP PageWide Pro printers and multifunction printers
HP OfficeJet Enterprise series printers and multifunction printers
HP OfficeJet Pro printers and multifunction printers
HP Inkjet (DeskJet, Envy, PhotoSmart) printers and multifunction printers
HP DesignJet large format printers
HP JetDirect wireless print server accessories

Reference Number

www.krackattacks.com – Vulnerability information website.
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

N/A

BACKGROUND

N/A

RESOLUTION

Customers may mitigate risk for the identified vulnerabilities through one of the methods listed below. Devices vary in configuration procedures, so please refer to the product user guide for specific instructions.

Do not use unpatched clients to connect to the print device Wi-Fi Direct network. Wi-Fi Direct implementation is not impacted, but unpatched mobile devices could be subject to attack when connecting to Wi-Fi Direct
Configure the wireless access point or printer to only allow WPA2-AES/CCMP mode, thus disabling WPA-TKIP
Use only TLS enabled protocols to communicate with the printer
Turning off printer Wi-Fi and using Ethernet or USB

What can you do?

Subscribe to HP real-time security information: All HP products use a common centralized Security Bulletin process managed by HP´s Product Security Response Team (PSRT). Subscribe to HP Security Bulletins by following these steps:

Go to http://www.hp.com/go/support.
Click Get software and drivers.
Find your product.
Scroll to the bottom of the page and under Other support resources, click Sign up for driver, support & security alerts.
Follow the onscreen prompts to sign up for alerts.

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

REVISION HISTORY : Rev.DateReason1.024‐October‐2017Initial Version

HP Inc. shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

hp-feedback-input-portlet

Actions

hp-feedback-banner-portlet

Actions

hp-country-locator-portlet

Actions

Country/Region: Flag

Australia

hp-detect-load-my-device-portlet

Actions

hp-hero-support-search

Actions

Examples: "DeskJet 2130 paper jam", "EliteBook 1040 G3 bios update"