hp-support-head-portlet

Actions
Loading...
HP Customer Support - Knowledge Base

hp-contact-secondary-navigation-portlet

Actions
Loading...

hp-share-print-widget-portlet

Actions
Loading...
  • Information

    Fix and resolve Windows 10 update issue on HP Computer or Printer. Click here

hp-concentra-wrapper-portlet

Actions
Loading...

SUPPORT COMMUNICATION- SECURITY BULLETIN

Document ID: c06640149

Version: 1

HPSBPI03666 rev. 1 - Certain HP and Samsung-branded Print Products - Network Stack Potential Vulnerabilities

Notice:: The information in this security bulletin should be acted upon as soon as possible.

Release date : 16-Jun-2020

Last updated : 12-Jun-2020

Potential Security Impact:
Remote Code Execution, Denial of Service, and Multiple other Potential Vulnerabilities

VULNERABILITY SUMMARY
Multiple potential vulnerabilities may exist in the Treck Inc. networking stack used in certain HP and Samsung-branded printers. These may include, but not be limited to, denial of service or remote code execution. Please refer to Treck Inc. CVE’s below for further descriptions.
Reference Number
CVE-2020-11896, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11914, PSR-2020-0024
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for a list of potentially impacted products.
BACKGROUND
For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com
CVSS 3.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2020-11901
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9
CVE-2020-11899
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8
CVE-2020-11900
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2
CVE-2020-11896
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5
CVE-2020-11898
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5
CVE-2020-11904
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6
CVE-2020-11905
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3
CVE-2020-11906
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5
CVE-2020-11907
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5
CVE-2020-11909
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7
CVE-2020-11910
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7
CVE-2020-11911
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7
CVE-2020-11912
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7
CVE-2020-11914
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1
RESOLUTION
HP has provided firmware updates for potentially impacted printers listed in the table below. To obtain the updated firmware, go to the HP Software site and search for your printer model.

HP Laser, HP LaserJet Pro, HP Neverstop Laser, Samsung proXpress, Samsung MultiXpress

Product name
Model Number
Firmware Revision
HP Color Laser MFP 178/179
4ZB96A, 4ZB97A, 6HU08A, 6HU09A
V3.82.01.08 or later
HP Color LaserJet Pro M155
7KW48A, 7KW49A
20200603 or later
HP Color LaserJet Pro M255
7KW63A, 7KW64A, 7KW65A
20200603 or later
HP Color LaserJet Pro MFP M182, M183
7KW54A, 7KW55A, 7KW56A
20200603 or later
HP Color LaserJet Pro MFP M282, M283
7KW72A, 7KW75A
20200603 or later
HP Laser MFP 133/135/137
4ZB92A, 4ZB93A, 4ZB82A, 6HU10A, 5UE15A, 4ZB83A, 6HU11A, 4ZB85A, 4ZB87A, 4ZB86A, 9VV52A, 4ZB84A, 6HU12A, 4ZB91A, 4ZB88A, 4ZB89A, 4ZB90A
V3.82.01.11 or later
HP LaserJet Pro M102, M104, M106
G3Q34A, G3Q35A, G3Q36A, G3Q37A, G3Q39A
20200605 or later
HP LaserJet Pro M15, M16, M17
W2G50A, W2G51A, W2G52A, W2G53A, Y5S43A
20200609 or later
HP LaserJet Pro MFP M130, M132, M134
G3Q57A, G3Q58A, G3Q59A, G3Q60A, G3Q61A, G3Q62A, G3Q63A, G3Q64A, G3Q65A, G3Q66A, G3Q67A, G3Q68A
20200605 or later
HP LaserJet Pro MFP M29, M31
W2G54A, W2G55A, W2G56A, W2G57A, Y5S53A, Y5S50A, Y5S54A, Y5S55A
20200609 or later
HP LaserJet Ultra MFP M230
HP LaserJet Pro MFP M227, M148, M149
4PA41A, 4PA42A, 4PA44A, G3Q74A, G3Q75A, G3Q76A, G3Q77A, G3Q78A, G3Q79A
20200605 or later
HP LaserJet Pro M203, M206, M118
4PA39A, G3Q46A, G3Q47A, G3Q48A, G3Q50A
20200605 or later
HP Neverstop Laser 1000, 1020
4RY22A, 4RY23A, 4YE47A, 4YE48A, 4YE51A
20200609 or later
HP Neverstop Laser 1200a, 1005c
4QD21A, 4RY26A, 4YE52A, 4YE53A, 5NL12A
20200609 or later
Samsung MultiXpress SL-K302NR/GOV
SS026B
V3.00.11.04 or later
Samsung MultiXpress SL-K3250NR
SS027E
V3.00.11.04 or later
Samsung MultiXpress SL-K3300NR
SS028E
V3.00.11.04 or later
Samsung MultiXpress SL-X3220NR
SS043E
V3.00.11.08 or later
Samsung MultiXpress SL-X3280NR
SS044G
V3.00.11.08 or later
Samsung Printer proXpress SL-C3510ND
SS214A, SS214B
V3.00.05.06 or later
Samsung Printer proXpress SL-C3510ND/SLI
SS214B
V3.00.05.06 or later
Samsung Printer proXpress SL-C4010N
SS215A
V3.00.05.06 or later
Samsung Printer proXpress SL-C4010ND
SS216A, SS216B, SS216C, SS216D, SS216E, SS216F, SS216G, SS216H, SS216J, SS216K, SS216L, SS216M, SS216N, SS216P, SS216Q, SS216S, SS216T, SS216U, SS216V, SS216Z
V3.00.05.06 or later
Samsung Printer proXpress SL-C4010ND/GOV
SS216C
V3.00.05.06 or later
Samsung proXpress SL-M3310ND/GOV
SS364B
V4.00.02.20 or later
Samsung proXpress SL-M3320ND
SS365H
V4.00.02.20 or later
Samsung proXpress SL-M3370FD
SS368F
V4.00.02.20 or later
Samsung proXpress SL-M3375FD
SS369A, SS369B, SS369C, SS369D, SS369E
V4.00.02.20 or later
Samsung proXpress SL-M3820D
SS371A, SS371B, SS371C, SS371D
V4.00.02.20 or later
Samsung proXpress SL-M3820DW
SS372C, SS375B
V4.00.02.20 or later
Samsung proXpress SL-M3820ND
SS373A, SS373B, SS373C, SS373D, SS373E, SS373F, SS373G, SS373H, SS373J, SS373K, SS373L, SS373M, SS373N, SS373P, SS373Q, SS373S, SS373T, SS373U, SS373V, SS373W, SS373Z
V4.00.02.20 or later
Samsung proXpress SL-M3820ND/KRM
SS373F
V4.00.02.20 or later
Samsung proXpress SL-M3870FW/KRM
SS378E
V4.00.02.20 or later
Samsung proXpress SL-M4020ND
SS383K, SS383L, SS383X, SS383Y
V4.00.02.20 or later
Samsung proXpress SL-M4020ND/GOV
SS383C
V4.00.02.20 or later
Samsung proXpress SL-M4070FR/GOV
SS389J, SS390C
V4.00.02.20 or later
Samsung proXpress SL-M4530ND
SS397E, SS397G, SS398D
V4.00.02.20 or later

HP DeskJet, HP OfficeJet, HP OfficeJet Pro, HP Ink Tank, HP Smart Tank

Product name
Model Number
Firmware Revision
HP Officejet Pro 6230 / 6220 ePrinter
E3E03A
2021A or later
HP Officejet 7110 Wide Format ePrinter
CR768A
2020B or later
HP Smart Tank Wireless 450
Z6Z96A, Z4B56A, Z6Z98A
2020A or later
HP Ink Tank Wireless 410
Z6Z95A, 4YF79A, Z6Z99A, 4DX94A, Z4B53A, 4DX95A, Z4B55A, Z7A01A, Z4B54A, Z6Z97A
2020A or later
HP DeskJet Ink Advantage 3700 All-in-One Printer series
HP DeskJet 3700 All-in-One Printer series
1DT61A, 1DT62A, 3YZ74A, 3YZ75A, 4SC29A, 4SC30A, 7FM64B, 7FM65B, 7FM66B, J9V86A, J9V86B, J9V87A, J9V87B, J9V87C, J9V88A, J9V89B, J9V90A, J9V91A, J9V92A, J9V93B, J9V94B, J9V95B, J9V96B, J9V97B, T8W35A, T8W36A, T8W37A, T8W38A, T8W39B, T8W40B, T8W41B, T8W42C, T8W46C, T8W47C, T8W48C, T8W49C, T8W50C, T8W51A, T8W52A, T8W54A, T8W56A, T8W57A, T8W58A, T8W59A, T8W83A, T8W92A, T8W93A, T8W94A, T8W95A, T8W96A, T8X00B, T8X01B, T8X04B, T8X05B, T8X06B, T8X07B, T8X10B, T8X12B, T8X19B, T8X23B, T8X27B
2020B or later
HP OfficeJet Pro 6970 All-in-One Printer series
J7K34A, T0F33A, T0F39A, T0F34A, T0F35A, J7K40A, J7K36A, J7K42A, J7K41A, T0F29A, T0F37A, T0F40A
2020C or later
HP OfficeJet 6950 All-in-One
P4C78A, P4C85A, T3P03A, P4C86A, P4C81A, P4C82A, P4C84A
2020B or later
HP Officejet 200 Mobile Printer Series
CZ993A, L9B95A
2020B or later
HP Officejet 202 Mobile Printer Series
N4K99C, N4L14C
2020B or later
HP Officejet 3830 e-All-in-One Printer
F5R95A, F5R95B, F5R95C, K7V40A, K7V36A, K7V45B, F5R99A, F5S01B, F5S03B, K7V37A, F5S02B, K7V44B, K7V38A
2021A or later
HP Deskjet Ink Advantage 3830 e-All-in-One Printer
F5R96A, F5R96B, F5R96C, F5R97A, F5R98B
2021A or later
HP DeskJet 3630 All-in-One Printer
F5S43A, F5S57A, K4T99B, K4T99C, K4T94A, F5S47A, F5S48A, F5S49B, K4T95A, K4U03B, F5S50B, K4T93A, F5S56B, K4T96A, K4U00B, V3F21A, V3F22A, K4T97A, K4U01B, K4U02B, F5S43B, F5S43C
2021C or later
HP DeskJet Ink Advantage 3630 All-in-One Printer
F5S44A, F5S44B, F5S44C, K4U06A, K4U07A, K4U08A, F5S45A, F5S53C, K4U05B, F5S46B
2021C or later
HP DeskJet Ink Advantage Ultra 4720 All-in-One Printer
F5S65A, F5S66A, L8L91A
2020B or later
HP DeskJet 2700 All-in-One Printer series
HP DeskJet Ink Advantage 2700 All-in-One series
HP DeskJet Plus 4100 All-in-One series
HP DeskJet Plus Ink Advantage 4100 All-in-One series
3XV13A, 3XV14B, 3XV14C, 3XV15A, 3XV15D, 3XV17A, 3XV18B, 3XV18C, 3XV19A, 3XV19D, 4WS03B, 4WS04A, 4WS04B, 5AR83A, 5AR83B, 5AR84A, 5AR85A, 7FR20A, 7FR21A, 7FR26B, 7FR27B, 7FR28B, 7FR29B, 7FR48D, 7FR50B, 7FR52A, 7FR53A, 7FR53B, 7FR54B, 7FR55B, 7FR56D, 7FR57A, 7FR57D, 7FR58A, 7FR59D, 7FR60D, 7FR61A, 7FS74A, 7FS74D, 7FS75D, 7FS76A, 7FS77B, 7FS79A, 7FS79B, 7FS81B, 7FS83D, 7FS86A, 7FS87A, 7FS87D, 7FS88A, 7FS88D, 7HZ98B, 7HZ99B, 7MR23A, 7MR24A, 8QB70A, 8RK11A
2021D or later
HP DeskJet 2600 All-in-One Printer
V1N01B, V1N01C, Y5H80A, Y5H68A, Y5H68D, 4UJ28B, V1N07A, Y5H67A, Y5H67D, Y5H69A, Y5H69D, V1N08A, Y5H60A, Y5H61A, Y5H62A, Y5H72D, V1N03B, V1N03C, V1N05B, V1N05C, V1N06B, V1N07B, Y5H63A, Y5H64A, Y5H65A, V1N05A, V1N01A, V1N03A, V1N04A, 5SF02A, 5SF03A, 5SF04A, Y5H58A, Y5H66A
2020B or later
HP DeskJet Ink Advantage 2600 All-in-One Printer
V1N02A, V1N02B, Y5Z00A, Y5Z03B, Y5Z04B, Y5Z02B, 7FQ79B, 7FQ80B, 7FQ81B
2020B or later
HP OfficeJet 250 Mobile Series
CZ992A, L9D57A, N4L17A, N4L16C, N4L18C
2020B or later
HP OfficeJet 6960 All-in-One
HP OfficeJet Pro 6960 All-in-One
T0G25A, T0G26A, J7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36A
2020C or later
HP OfficeJet Pro 8710 All-in-One Printer series
HP OfficeJet Pro 8720 All-in-One Printer series
D9L18A, D9L19A, J6X76A, J6X77A, J6X78A, J6X79A, J6X80A, J6X81A, J7A28A, J7A29A, J7A31A, K7S34A, K7S35A, K7S36A, K7S37A, K7S38A, M9L65A, M9L66A, M9L67A, M9L70A, M9L74A, M9L75A, M9L76A, M9L80A, T0G46A, T0G47A, T0G48A, T0G49A, T0G54A
2020A or later
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY : Version 1: 16 June 2020 - Initial release

HP Inc. shall not be liable for technical or editorial errors or omissions contained herein.The information provided is provided "as is" without warranty of any kind.To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration.The information in this document is subject to change without notice.HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries.Other product and company names mentioned herein may be trademarks of their respective owners.

hp-feedback-input-portlet

Actions
Loading...

hp-feedback-banner-portlet

Actions
Loading...

hp-country-locator-portlet

Actions
Loading...
Country/Region: Flag United States

hp-detect-load-my-device-portlet

Actions
Loading...