
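[Vulnerability Alert] Multiple HP laser printers, multifunction devices and scanners contain security vulnerabilities that allow remote attackers to execute arbitrary code. Please verify and update as soon as possible!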

Author: Administrator  Published: 2021-12-06

 

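Education Institution ANA Reporting Platform

Publication number

TACERT-ANA-2021120201124545

Publication time

2021-12-02 13:45:00

Incident type

ANA - Vulnerability alert

Discovery time

2021-12-02 13:35:00

Impact level

[Subject:] [Vulnerability Alert] Multiple HP laser printers, multifunction devices and scanners contain security vulnerabilities (CVE-2021-39237 and CVE-2021-39238) that allow remote attackers to execute arbitrary code. Please verify and update as soon as possible!

[Description:]

Forwarded from the National Information Sharing and Analysis Center security alert NISAC-ANA-202112-0093

Researchers have found that multiple HP laser printers, multifunction devices and scanners contain security vulnerabilities (CVE-2021-39237 and CVE-2021-39238). An attacker can send a malicious file containing a specially crafted font to an affected device, causing a buffer overflow during font parsing and allowing the attacker to execute arbitrary code remotely.

Information sharing level: WHITE (the information may be publicly disclosed)

This message is sent only to the regional and county/city network centers; please assist by announcing or forwarding it.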

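[Affected platforms:]

1. The models below are vulnerable if their firmware version is "FutureSmart3: earlier than 3.9.8 (exclusive)", "FutureSmart4: earlier than 4.11.2.1 (exclusive)" or "FutureSmart5: earlier than 5.3 (exclusive)":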
● HP Color LaserJet Enterprise CM4540 MFP series 
● HP Color LaserJet Enterprise Flow MFP M577 
● HP Color LaserJet Enterprise Flow MFP M578 
● HP Color LaserJet Enterprise Flow MFP M680 
● HP Color LaserJet Enterprise Flow MFP M681 
● HP Color LaserJet Enterprise Flow MFP M682 
● HP Color LaserJet Enterprise Flow MFP M776 
● HP Color LaserJet Enterprise Flow MFP M880z 
● HP Color LaserJet Enterprise M455 
● HP Color LaserJet Enterprise M552 
● HP Color LaserJet Enterprise M553 
● HP Color LaserJet Enterprise M555 Printer series 
● HP Color LaserJet Enterprise M651 
● HP Color LaserJet Enterprise M652 
● HP Color LaserJet Enterprise M653 
● HP Color LaserJet Enterprise M750 
● HP Color LaserJet Enterprise M751 series 
● HP Color LaserJet Enterprise M855 Printer series 
● HP Color LaserJet Enterprise M856 
● HP Color LaserJet Enterprise MFP M480 series
● HP Color LaserJet Enterprise MFP M577 
● HP Color LaserJet Enterprise MFP M578 
● HP Color LaserJet Enterprise MFP M680 
● HP Color LaserJet Enterprise MFP M681 
● HP Color LaserJet Enterprise MFP M682 
● HP Color LaserJet Enterprise MFP M776 
● HP Color LaserJet Enterprise CP5525
● HP Color LaserJet Managed E45028 
● HP Color LaserJet Managed E55040dw 
● HP Color LaserJet Managed E65050/60 
● HP Color LaserJet Managed E75245 
● HP Color LaserJet Managed E85055 
● HP Color LaserJet Managed Flow MFP E57540 
● HP Color LaserJet Managed Flow MFP E67550/60 
● HP Color LaserJet Managed Flow MFP E77822/25/30 
● HP Color LaserJet Managed Flow MFP E87640/50/60 
● HP Color LaserJet Managed Flow MFP M577 
● HP Color LaserJet Managed Flow MFP M680 
● HP Color LaserJet Managed Flow MFP M880zm 
● HP Color LaserJet Managed M553 
● HP Color LaserJet Managed M651 
● HP Color LaserJet Managed MFP E47528 series 
● HP Color LaserJet Managed MFP E57540 
● HP Color LaserJet Managed MFP E67550/60 
● HP Color LaserJet Managed MFP E67650/60 
● HP Color LaserJet Managed MFP E77422-E77428 series 
● HP Color LaserJet Managed MFP E77822/25/30 
● HP Color LaserJet Managed MFP E78223-E78228 series 
● HP Color LaserJet Managed MFP E78323/30 
● HP Color LaserJet Managed MFP E87640/50/60 
● HP Color LaserJet Managed MFP E87640du-E87660du series 
● HP Color LaserJet Managed MFP M577 
● HP Color LaserJet Managed MFP M680 
● HP Color LaserJet Managed MFP M775 
● HP Digital Sender Flow 8500 fn2 Document Capture Workstation 
● HP LaserJet Enterprise 500 color MFP M575 
● HP LaserJet Enterprise 500 color Printer M551 series 
● HP LaserJet Enterprise 500 MFP M525f 
● HP LaserJet Enterprise 600 Printer M601 series 
● HP LaserJet Enterprise 600 Printer M602 series 
● HP LaserJet Enterprise 600 Printer M603 series 
● HP LaserJet Enterprise 700 color MFP M775 
● HP LaserJet Enterprise 700 Printer M712 series 
● HP LaserJet Enterprise color Flow MFP M575 
● HP LaserJet Enterprise Flow MFP M525 
● HP LaserJet Enterprise Flow MFP M527z 
● HP LaserJet Enterprise Flow MFP M630 
● HP LaserJet Enterprise Flow MFP M631 
● HP LaserJet Enterprise Flow MFP M632 
● HP LaserJet Enterprise Flow MFP M633 
● HP LaserJet Enterprise Flow MFP M634 
● HP LaserJet Enterprise Flow MFP M635 
● HP LaserJet Enterprise Flow MFP M636 
● HP LaserJet Enterprise Flow MFP M830 
● HP LaserJet Enterprise M406 
● HP LaserJet Enterprise M407 
● HP LaserJet Enterprise M4555 MFP 
● HP LaserJet Enterprise M506 
● HP LaserJet Enterprise M507 
● HP LaserJet Enterprise M604 series 
● HP LaserJet Enterprise M605 
● HP LaserJet Enterprise M606 series 
● HP LaserJet Enterprise M607 series 
● HP LaserJet Enterprise M608 series 
● HP LaserJet Enterprise M609 series 
● HP LaserJet Enterprise M610 series 
● HP LaserJet Enterprise M611 series 
● HP LaserJet Enterprise M612 series 
● HP LaserJet Enterprise M806 
● HP LaserJet Enterprise MFP M430 series 
● HP LaserJet Enterprise MFP M431 series 
● HP LaserJet Enterprise MFP M527 
● HP LaserJet Enterprise MFP M528 
● HP LaserJet Enterprise MFP M630 
● HP LaserJet Enterprise MFP M631 
● HP LaserJet Enterprise MFP M632 
● HP LaserJet Enterprise MFP M633 
● HP LaserJet Enterprise MFP M634 
● HP LaserJet Enterprise MFP M635 
● HP LaserJet Enterprise MFP M636 
● HP LaserJet Enterprise MFP M725 
● HP LaserJet Managed 500 color MFP M575 
● HP LaserJet Managed 500 MFP M525 
● HP LaserJet Managed color Flow MFP M575 
● HP LaserJet Managed E40040 
● HP LaserJet Managed E50045 
● HP LaserJet Managed E50145 
● HP LaserJet Managed E60055/65/75 series 
● HP LaserJet Managed Flow MFP E52545c 
● HP LaserJet Managed Flow MFP E62555/65/75 
● HP LaserJet Managed Flow MFP E62675 
● HP LaserJet Managed Flow MFP E72525/30/35 
● HP LaserJet Managed Flow MFP E82540/50/60 
● HP LaserJet Managed Flow MFP M525 
● HP LaserJet Managed Flow MFP M527z 
● HP LaserJet Managed Flow MFP M630 
● HP LaserJet Managed Flow MFP M830 
● HP LaserJet Managed M506 
● HP LaserJet Managed M605 series 
● HP LaserJet Managed MFP E42540 series 
● HP LaserJet Managed MFP E52545 
● HP LaserJet Managed MFP E52645 
● HP LaserJet Managed MFP E62555/65 
● HP LaserJet Managed MFP E62655/65 
● HP LaserJet Managed MFP E72425/30 
● HP LaserJet Managed MFP E72525/30/35 
● HP LaserJet Managed MFP E82540/50/60 
● HP LaserJet Managed MFP E82540/50/60du series 
● HP LaserJet Managed MFP M527 
● HP LaserJet Managed MFP M630 
● HP LaserJet Managed MFP M725 
● HP OfficeJet Enterprise Color MFP X585 
● HP OfficeJet Enterprise Color X555 
● HP OfficeJet Managed Color MFP X585 
● HP PageWide Color 755 
● HP PageWide Color MFP 774 
● HP PageWide Color MFP 779 
● HP PageWide Enterprise Color 556 
● HP PageWide Enterprise Color 765 
● HP PageWide Enterprise Color Flow MFP 586z 
● HP PageWide Enterprise Color Flow MFP 780f 
● HP PageWide Enterprise Color Flow MFP 785 
● HP PageWide Enterprise Color MFP 586 
● HP PageWide Enterprise Color MFP 780 
● HP PageWide Managed Color E55650 
● HP PageWide Managed Color E75160 
● HP PageWide Managed Color Flow MFP E58650z 
● HP PageWide Managed Color Flow MFP E77650/60z 
● HP PageWide Managed Color Flow MFP E77660z 
● HP PageWide Managed Color MFP E58650dn 
● HP PageWide Managed Color MFP E77650 
● HP PageWide Managed Color MFP P77440 
● HP PageWide Managed Color MFP P77940/50/60 
● HP PageWide Managed Color P75250 
● HP PageWide Managed P55250dw Printer series 
● HP PageWide Managed P57750dw Multifunction Printer 
● HP Scanjet Enterprise 8500 FN1 Document Capture Workstation series 
● HP ScanJet Enterprise Flow N9120 fn2 Document Scanner 
 
2. The models below are vulnerable if their firmware version is earlier than 2142A (exclusive):
● HP PageWide 352dw Printer 
● HP PageWide 377dw Multifunction Printer 
● HP PageWide Pro 452dn Printer series 
● HP PageWide Pro 452dw Printer series 
● HP PageWide Pro 477dn Multifunction Printer series 
● HP PageWide Pro 477dw Multifunction Printer series 
● HP PageWide Pro 552dw Printer series 
● HP PageWide Pro 577 Multifunction Printer series 
 
3. The models below are vulnerable if their firmware version is earlier than 20211109 (exclusive):
● HP Color LaserJet Pro M154 
● HP Color LaserJet Pro M253, M254 
● HP Color LaserJet Pro MFP M180, M181 
● HP Color LaserJet Pro MFP M280, M281
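
A firmware triage check for the three affected groups above, as an added example that is not part of the original advisory or of HP's tooling. It assumes the inventory records the FutureSmart version as a dotted number; the group labels, host names and sample versions are constructed. Dotted versions are compared numerically per component, because a plain string comparison would rank 4.9 above 4.11.

```python
import re

# First fixed firmware per group, taken from the advisory text above.
FUTURESMART_FIXED = {3: (3, 9, 8), 4: (4, 11, 2, 1), 5: (5, 3)}
PAGEWIDE_FIXED = "2142A"         # group 2 (HP PageWide 352dw ... Pro 577)
LASERJET_PRO_FIXED = "20211109"  # group 3 (Color LaserJet Pro M154 ... M281)

def _dotted(version):
    """'4.11.2.1' -> (4, 11, 2, 1), so that 4.9 sorts before 4.11."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a dotted version: {version!r}")
    return tuple(int(part) for part in version.split("."))

def is_vulnerable(group, version):
    """True if version predates the fix; group labels are invented for this example."""
    version = version.strip().upper()
    if group == "futuresmart":
        parsed = _dotted(version)
        if parsed[0] not in FUTURESMART_FIXED:
            raise ValueError(f"FutureSmart {parsed[0]} not covered by advisory")
        return parsed < FUTURESMART_FIXED[parsed[0]]
    if group == "pagewide":  # assumption: 4 digits + letter, sorting in release order
        if not re.fullmatch(r"\d{4}[A-Z]", version):
            raise ValueError(f"unexpected PageWide code: {version!r}")
        return version < PAGEWIDE_FIXED
    if group == "laserjet_pro":  # assumption: version is a YYYYMMDD date code
        if not re.fullmatch(r"\d{8}", version):
            raise ValueError(f"unexpected date code: {version!r}")
        return version < LASERJET_PRO_FIXED
    raise ValueError(f"unknown group: {group!r}")

def triage(inventory):
    """Split (host, group, version) rows into (needs_update, needs_review)."""
    update, review = [], []
    for host, group, version in inventory:
        try:
            if is_vulnerable(group, version):
                update.append(host)
        except ValueError:
            review.append(host)  # unknown format: check the device by hand
    return update, review

# Constructed inventory rows (host names and versions are made up).
SAMPLE = [
    ("prn-lib-01", "futuresmart", "4.9.0.1"),
    ("prn-lib-02", "futuresmart", "4.11.2.1"),
    ("prn-adm-01", "pagewide", "2105B"),
    ("prn-adm-02", "laserjet_pro", "20211109"),
    ("prn-lab-01", "futuresmart", "unknown"),
]
```

Rows whose version string cannot be parsed are returned separately so they are checked on the device rather than silently treated as patched.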

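[Recommended measures:]

HP has released updates for these vulnerabilities. Agencies should contact their equipment maintenance vendor or refer to the following URLs to update:
1. https://support.hp.com/us-en/document/ish_5000383-5000409-16
2. https://support.hp.com/us-en/document/ish_5000124-5000148-16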

[References:]
1. https://support.hp.com/us-en/document/ish_5000383-5000409-16
2. https://support.hp.com/us-en/document/ish_5000124-5000148-16
3. https://thehackernews.com/2021/11/critical-wormable-security-flaw-found.html

(This notice is for informational purposes only and does not indicate a security incident)

 
