HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFPs, HP PageWide Color Printers and MFPs, Cross Site Scripting (XSS)

HP has identified a potential security vulnerability with certain HP printers. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Severity

High

HP Reference

HPSBPI03559 rev.1

Release date

15-Jun-2017

Last updated

28-Jun-2017

Category

Print

Potential Security Impact

Cross Site Scripting (XSS)

Relevant Common Vulnerabilities and Exposures (CVE) List

Reported by Jerry Decime

List of CVE IDs

| CVE ID | Base Vector | Base Score |
|---|---|---|
| CVE-2017-2743 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H | 7.5 |

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

Background

For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com.

References

CVE-2017-2743, PSR-2017-0008

Resolution

HP has provided firmware updates for affected printers.

  1. Click Printer.

  2. Search for your printer model.

    The software and drivers page opens.

  3. Scroll down and click Firmware from the category list.

  4. Click the Download button next to the firmware update and save it to a location where it can be easily retrieved.

  5. Download the README file and review the Installation Instructions section to learn how to install the firmware update.

Affected products

Identify the affected products.

HP Color LaserJet, HP LaserJet Enterprise, HP ScanJet Enterprise, HP Color LaserJet Enterprise, HP OfficeJet Enterprise, HP PageWide Enterprise

| Product Name | Model | Firmware update version |
|---|---|---|
| HP Color LaserJet CM4540 MFP | CC419A, CC420A, CC421A | v 2308214_000901 (or higher) |
| HP Color LaserJet CP5525 | CE707A, CE708A, CE709A | v 2308214_000900 (or higher) |
| HP LaserJet Enterprise M4555 MFP | CE503A, CE504A, CE738A | v 2308214_000904 (or higher) |
| HP LaserJet Enterprise 600 M601 | CE989A, CE990A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise 600 M602 | CE991A, CE992A, CE993A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise 600 M603xh | CE994A, CE995A, CE996A | v 2308214_000926 (or higher) |
| HP LaserJet Enterprise Color 500 M551 Series | CF081A, CF082A, CF083A | v 2308214_000927 (or higher) |
| HP ScanJet Enterprise 8500 Document Capture Workstation | L2717A | v 2308214_000903 (or higher) |
| HP LaserJet Enterprise 500 color MFP M575dn | CD644A, CD645A | v 2308214_000925 (or higher) |
| HP LaserJet Enterprise 500 MFP M525f | CF116A, CF117A | v 2308214_000913 (or higher) |
| HP LaserJet Enterprise 700 color MFP M775 series | CC522A, CC523A, CC524A | v 2308214_000932 (or higher) |
| HP LaserJet Enterprise 700 M712xh | CF235A, CF236A, CF238A | v 2308214_000922 (or higher) |
| HP LaserJet Enterprise color flow MFP M575c | CD646A | v 2308214_000925 (or higher) |
| HP LaserJet Enterprise flow MFP M525c | CF118A | v 2308214_000913 (or higher) |
| HP LaserJet Enterprise MFP M725 | CF066A, CF067A, CF068A, CF069A | v 2308214_000921 (or higher) |
| HP Color LaserJet Enterprise M750 | D3L08A, D3L09A, D3L10A | v 2308214_000931 (or higher) |
| HP LaserJet Enterprise 800 color M855 | A2W77A, A2W78A, A2W79A | v 2308214_000930 (or higher) |
| HP LaserJet Enterprise 800 color MFP M880 | A2W76A, A2W75A, D7P70A, D7P71A | v 2308214_000928 (or higher) |
| HP LaserJet Enterprise flow M830z MFP | CF367A | v 2308214_000916 (or higher) |
| HP LaserJet Enterprise M806 | CZ244A, CZ245A | v 2308214_000920 (or higher) |
| HP Color LaserJet Enterprise M651 | CZ255A, CZ256A, CZ257A, CZ258A | v 2308214_000929 (or higher) |
| HP Color LaserJet M680 | CZ250A, CZ251A | v 2308214_000915 (or higher) |
| HP OfficeJet Enterprise Color MFP X585 | B5L04A, B5L05A, B5L07A | v 2308214_000902 (or higher) |
| HP OfficeJet Enterprise Color X555 | C2S11A, C2S12A | v 2308214_000906 (or higher) |
| HP LaserJet Enterprise MFP M630 | J7X28A | v 2308214_000912 (or higher) |
| HP Color LaserJet Enterprise M552 | B5L23A | v 2308214_000907 (or higher) |
| HP Color LaserJet Enterprise M553 | B5L24A, B5L25A, B5L26A | v 2308214_000907 (or higher) |
| HP LaserJet Enterprise M604 | E6B67A, E6B68A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise M605 | E6B69A, E6B70A, E6B71A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise M606 | E6B72A, E6B73A | v 2308214_000908 (or higher) |
| HP LaserJet Enterprise Flow MFP M630z | B3G85A | v 2308214_000912 (or higher) |
| HP Color LaserJet Enterprise MFP M577 | B5L46A, B5L47A, B5L48A | v 2308214_000909 (or higher) |
| HP LaserJet Enterprise M506 | 2A68A, F2A69A, F2A70A, F2A71A | v 2308214_000911 (or higher) |
| HP LaserJet Enterprise M527 | F2A76A, F2A77A, F2A81A | v 2308214_000905 (or higher) |
| HP PageWide Enterprise Color X556 | G1W46A, G1W46V, G1W47A, G1W47V, L3U44A | v 2308214_000910 (or higher) |
| HP PageWide Enterprise Color MFP X586 | G1W40A, G1W39A, G1W41A, L3U43A, L3U42A | v 2308214_000923 (or higher) |

Revision history

This document has been revised according to the information below.

List of versions

| Version | Description | Date |
|---|---|---|
| 1 | Initial Release | 15-Jun-2017 |

Additional information

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

Legal information

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2024 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.