跳到主要內容區
 
   
 
    【漏洞預警】多款HP雷射印表機、多功能事務機及掃描器存在安全漏洞,允許遠端攻擊者執行任意程式碼,請儘速確認並進行更新!

【漏洞預警】多款HP雷射印表機、多功能事務機及掃描器存在安全漏洞,允許遠端攻擊者執行任意程式碼,請儘速確認並進行更新!

作者 : Administrator 發佈日期 : 2021-12-06

 

教育機構ANA通報平台

發佈編號

TACERT-ANA-2021120201124545

發佈時間

2021-12-02 13:45:00

事故類型

ANA-漏洞預警

發現時間

2021-12-02 13:35:00

影響等級

[主旨說明:]【漏洞預警】多款HP雷射印表機、多功能事務機及掃描器存在安全漏洞(CVE-2021-39237與CVE-2021-39238),允許遠端攻擊者執行任意程式碼,請儘速確認並進行更新!

[內容說明:]

轉發 國家資安資訊分享與分析中心 資安訊息警訊 NISAC-ANA-202112-0093
 
研究人員發現多款HP雷射印表機、多功能事務機及掃描器存在安全漏洞(CVE-2021-39237與CVE-2021-39238),攻擊者可向受影響設備傳送含有特製字型之惡意檔案,進而在字型解析過程造成緩衝區溢位(Buffer Overflow),導致攻擊者可遠端執行任意程式碼。
 
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
 
此訊息僅發送到「區縣市網路中心」,煩請貴單位協助公告或轉發

[影響平台:]

一、下方機型之韌體版本若為「FutureSmart3:3.9.8(不含)以前版本」、「FutureSmart4:4.11.2.1(不含)以前版本」或「FutureSmart5:5.3(不含)以前版本」,則存在漏洞:
● HP Color LaserJet Enterprise CM4540 MFP series 
● HP Color LaserJet Enterprise Flow MFP M577 
● HP Color LaserJet Enterprise Flow MFP M578 
● HP Color LaserJet Enterprise Flow MFP M680 
● HP Color LaserJet Enterprise Flow MFP M681 
● HP Color LaserJet Enterprise Flow MFP M682 
● HP Color LaserJet Enterprise Flow MFP M776 
● HP Color LaserJet Enterprise Flow MFP M880z 
● HP Color LaserJet Enterprise M455 
● HP Color LaserJet Enterprise M552 
● HP Color LaserJet Enterprise M553 
● HP Color LaserJet Enterprise M555 Printer series 
● HP Color LaserJet Enterprise M651 
● HP Color LaserJet Enterprise M652 
● HP Color LaserJet Enterprise M653 
● HP Color LaserJet Enterprise M750 
● HP Color LaserJet Enterprise M751 series 
● HP Color LaserJet Enterprise M855 Printer series 
● HP Color LaserJet Enterprise M856 
● HP Color LaserJet Enterprise MFP M480 series
● HP Color LaserJet Enterprise MFP M577 
● HP Color LaserJet Enterprise MFP M578 
● HP Color LaserJet Enterprise MFP M680 
● HP Color LaserJet Enterprise MFP M681 
● HP Color LaserJet Enterprise MFP M682 
● HP Color LaserJet Enterprise MFP M776 
● HP Color LaserJet Enterprises CP5525 
● HP Color LaserJet Managed E45028 
● HP Color LaserJet Managed E55040dw 
● HP Color LaserJet Managed E65050/60 
● HP Color LaserJet Managed E75245 
● HP Color LaserJet Managed E85055 
● HP Color LaserJet Managed Flow MFP E57540 
● HP Color LaserJet Managed Flow MFP E67550/60 
● HP Color LaserJet Managed Flow MFP E77822/25/30 
● HP Color LaserJet Managed Flow MFP E87640/50/60 
● HP Color LaserJet Managed Flow MFP M577 
● HP Color LaserJet Managed Flow MFP M680 
● HP Color LaserJet Managed Flow MFP M880zm 
● HP Color LaserJet Managed M553 
● HP Color LaserJet Managed M651 
● HP Color LaserJet Managed MFP E47528 series 
● HP Color LaserJet Managed MFP E57540 
● HP Color LaserJet Managed MFP E67550/60 
● HP Color LaserJet Managed MFP E67650/60 
● HP Color LaserJet Managed MFP E77422-E77428 series 
● HP Color LaserJet Managed MFP E77822/25/30 
● HP Color LaserJet Managed MFP E78223-E78228 series 
● HP Color LaserJet Managed MFP E78323/30 
● HP Color LaserJet Managed MFP E87640/50/60 
● HP Color LaserJet Managed MFP E87640du-E87660du series 
● HP Color LaserJet Managed MFP M577 
● HP Color LaserJet Managed MFP M680 
● HP Color LaserJet Managed MFP M775 
● HP Digital Sender Flow 8500 fn2 Document Capture Workstation 
● HP LaserJet Enterprise 500 color MFP M575 
● HP LaserJet Enterprise 500 color Printer M551 series 
● HP LaserJet Enterprise 500 MFP M525f 
● HP LaserJet Enterprise 600 Printer M601 series 
● HP LaserJet Enterprise 600 Printer M602 series 
● HP LaserJet Enterprise 600 Printer M603 series 
● HP LaserJet Enterprise 700 color MFP M775 
● HP LaserJet Enterprise 700 Printer M712 series 
● HP LaserJet Enterprise color Flow MFP M575 
● HP LaserJet Enterprise Flow MFP M525 
● HP LaserJet Enterprise Flow MFP M527z 
● HP LaserJet Enterprise Flow MFP M630 
● HP LaserJet Enterprise Flow MFP M631 
● HP LaserJet Enterprise Flow MFP M632 
● HP LaserJet Enterprise Flow MFP M633 
● HP LaserJet Enterprise Flow MFP M634 
● HP LaserJet Enterprise Flow MFP M635 
● HP LaserJet Enterprise Flow MFP M636 
● HP LaserJet Enterprise Flow MFP M830 
● HP LaserJet Enterprise M406 
● HP LaserJet Enterprise M407 
● HP LaserJet Enterprise M4555 MFP 
● HP LaserJet Enterprise M506 
● HP LaserJet Enterprise M507 
● HP LaserJet Enterprise M604 series 
● HP LaserJet Enterprise M605 
● HP LaserJet Enterprise M606 series 
● HP LaserJet Enterprise M607 series 
● HP LaserJet Enterprise M608 series 
● HP LaserJet Enterprise M609 series 
● HP LaserJet Enterprise M610 series 
● HP LaserJet Enterprise M611 series 
● HP LaserJet Enterprise M612 series 
● HP LaserJet Enterprise M806 
● HP LaserJet Enterprise MFP M430 series 
● HP LaserJet Enterprise MFP M431 series 
● HP LaserJet Enterprise MFP M527 
● HP LaserJet Enterprise MFP M528 
● HP LaserJet Enterprise MFP M630 
● HP LaserJet Enterprise MFP M631 
● HP LaserJet Enterprise MFP M632 
● HP LaserJet Enterprise MFP M633 
● HP LaserJet Enterprise MFP M634 
● HP LaserJet Enterprise MFP M635 
● HP LaserJet Enterprise MFP M636 
● HP LaserJet Enterprise MFP M725 
● HP LaserJet Managed 500 color MFP M575 
● HP LaserJet Managed 500 MFP M525 
● HP LaserJet Managed color Flow MFP M575 
● HP LaserJet Managed E40040 
● HP LaserJet Managed E50045 
● HP LaserJet Managed E50145 
● HP LaserJet Managed E60055/65/75 series 
● HP LaserJet Managed Flow MFP E52545c 
● HP LaserJet Managed Flow MFP E62555/65/75 
● HP LaserJet Managed Flow MFP E62675 
● HP LaserJet Managed Flow MFP E72525/30/35 
● HP LaserJet Managed Flow MFP E82540/50/60 
● HP LaserJet Managed Flow MFP M525 
● HP LaserJet Managed Flow MFP M527z 
● HP LaserJet Managed Flow MFP M630 
● HP LaserJet Managed Flow MFP M830 
● HP LaserJet Managed M506 
● HP LaserJet Managed M605 series 
● HP LaserJet Managed MFP E42540 series 
● HP LaserJet Managed MFP E52545 
● HP LaserJet Managed MFP E52645 
● HP LaserJet Managed MFP E62555/65 
● HP LaserJet Managed MFP E62655/65 
● HP LaserJet Managed MFP E72425/30 
● HP LaserJet Managed MFP E72525/30/35 
● HP LaserJet Managed MFP E82540/50/60 
● HP LaserJet Managed MFP E82540/50/60du series 
● HP LaserJet Managed MFP M527 
● HP LaserJet Managed MFP M630 
● HP LaserJet Managed MFP M725 
● HP OfficeJet Enterprise Color MFP X585 
● HP OfficeJet Enterprise Color X555 
● HP OfficeJet Managed Color MFP X585 
● HP PageWide Color 755 
● HP PageWide Color MFP 774 
● HP PageWide Color MFP 779 
● HP PageWide Enterprise Color 556 
● HP PageWide Enterprise Color 765 
● HP PageWide Enterprise Color Flow MFP 586z 
● HP PageWide Enterprise Color Flow MFP 780f 
● HP PageWide Enterprise Color Flow MFP 785 
● HP PageWide Enterprise Color MFP 586 
● HP PageWide Enterprise Color MFP 780 
● HP PageWide Managed Color E55650 
● HP PageWide Managed Color E75160 
● HP PageWide Managed Color Flow MFP E58650z 
● HP PageWide Managed Color Flow MFP E77650/60z 
● HP PageWide Managed Color Flow MFP E77660z 
● HP PageWide Managed Color MFP E58650dn 
● HP PageWide Managed Color MFP E77650 
● HP PageWide Managed Color MFP P77440 
● HP PageWide Managed Color MFP P77940/50/60 
● HP PageWide Managed Color P75250 
● HP PageWide Managed P55250dw Printer series 
● HP PageWide Managed P57750dw Multifunction Printer 
● HP Scanjet Enterprise 8500 FN1 Document Capture Workstation series 
● HP ScanJet Enterprise Flow N9120 fn2 Document Scanner 
 
二、下方機型之韌體版本若為2142A(不含)以前版本,則存在漏洞: 
● HP PageWide 352dw Printer 
● HP PageWide 377dw Multifunction Printer 
● HP PageWide Pro 452dn Printer series 
● HP PageWide Pro 452dw Printer series 
● HP PageWide Pro 477dn Multifunction Printer series 
● HP PageWide Pro 477dw Multifunction Printer series 
● HP PageWide Pro 552dw Printer series 
● HP PageWide Pro 577 Multifunction Printer series 
 
三、下方機型之韌體版本若為20211109(不含)以前版本,則存在漏洞: 
● HP Color LaserJet Pro M154 
● HP Color LaserJet Pro M253, M254 
● HP Color LaserJet Pro MFP M180, M181 
● HP Color LaserJet Pro MFP M280, M281

[建議措施:]

HP官方已針對這些漏洞釋出更新程式,請各機關聯絡設備維護廠商或參考以下網址進行更新:1.https://support.hp.com/us-en/document/ish_5000383-5000409-16
2.https://support.hp.com/us-en/document/ish_5000124-5000148-16

[參考資料:]
1. https://support.hp.com/us-en/document/ish_5000383-5000409-16
2. https://support.hp.com/us-en/document/ish_5000124-5000148-16
3. https://thehackernews.com/2021/11/critical-wormable-security-flaw-found.html

(此通報僅在於告知相關資訊,並非為資安事件)

 

瀏覽數: