Summary
A potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known as 'Heartbleed' (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information.
Impact
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Affected
HP Officejet Pro X451dn < BNP1CN1409BR
HP Officejet Pro X451dw < BWP1CN1409BR
HP Officejet Pro X551dw < BZP1CN1409BR
HP Officejet Pro X476dn < LNP1CN1409BR
HP Officejet Pro X476dw < LWP1CN1409BR
HP Officejet Pro X576dw < LZP1CN1409BR
HP Officejet Pro 276dw < FRP1CN1416BR
HP Officejet Pro 251dw < EVP1CN1416BR
HP Officejet Pro 8610 < FDP1CN1416AR
HP Officejet Pro 8615 < FDP1CN1416AR
HP Officejet Pro 8620 < FDP1CN1416AR
HP Officejet Pro 8625 < FDP1CN1416AR
HP Officejet Pro 8630 < FDP1CN1416AR
HP Officejet Pro 8640 < FDP1CN1416AR
HP Officejet Pro 8660 < FDP1CN1416AR
Detection
Check the firmware version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0160 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
- Apache Tomcat Remote Code Execution Vulnerability - Sep14
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)