TECHNICAL BULLETIN
| PROBLEM: | Several HP printers are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input. |
| PLATFORM: | Jetdirect on HP LaserJet printers, HP Color LaserJet printers, and HP Digital Senders are affected. Please see bulletin for full list of affected products. |
| ABSTRACT: | Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-247.shtml |
| OTHER LINKS: | Security Focus http://www.securityfocus.com/bid/36613/info; HP Website http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397 |
| CVE: | CVE-2009-2684 |
| IMPACT ASSESSMENT: | This risk is medium. A remote user can access the target user's cookies (including authentication cookies), if any, associated with the HP Printer device, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. |
[***** Start CVE-2009-2684 *****]
Discussion:
Several HP printers do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the HP Printer device and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Vulnerable:
HP LaserJet P4515 0
HP LaserJet P4015 0
HP LaserJet P4014 0
HP LaserJet P3005n 0
HP LaserJet M9050 MFP 0
HP LaserJet M9040 0
HP LaserJet M5025 0
HP LaserJet M4345x MFP 0
HP LaserJet M3027 0
HP LaserJet 9050n 0
HP LaserJet 9050 MFP 0
HP LaserJet 9040n 0
HP LaserJet 9040 0
HP LaserJet 5200n 0
HP LaserJet 5035 MFP 0
HP LaserJet 4350n 0
HP LaserJet 4345 MFP 0
HP LaserJet 4250n 0
HP LaserJet 4240 0
HP LaserJet 3035 MFP 0
HP LaserJet 2430n 0
HP LaserJet 2420 0
HP LaserJet 2410 0
HP JetDirect J8006E V.36.35
HP JetDirect J8004E V.36.35
HP JetDirect J8003E V.36.35
HP JetDirect J7993E V.36.35
HP JetDirect J7992E V.34.12
HP JetDirect J7991E V.34.60
HP JetDirect J7990E V.33.41
HP JetDirect J7987E V.34.60
HP JetDirect J7982E V.34.08
HP JetDirect J7979E V.33.55
HP JetDirect J7974E V.34.40
HP JetDirect J7973E V.30.31
HP JetDirect J7949E V.28.XX
HP DS9250c Digital Sender 0
HP DS9200c Digital Sender 0
HP Color LaserJet CP6015 0
HP Color LaserJet CP4005n 0
HP Color LaserJet CP3505 0
HP Color LaserJet CM4730 MFP 0
HP Color LaserJet 6040 MFP 0
HP Color LaserJet 4730mfp 0
HP Color LaserJet 4730 MFP 0
HP Color LaserJet 4700n 0
HP Color LaserJet 3800n 0
HP Color LaserJet 3600n 0
HP Color LaserJet 3000n 0
HP CM8050 0
HP 8060 MFP 0
Solution:
The following steps can be taken to limit exposure to the XSS vulnerabilities:
* set the administrator password
* use a new browser instance for administrator tasks
* do not access other web sites while performing administrator tasks
* exit the browser when administrator tasks are complete
[***** End CVE-2009-2684 *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov