Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

**hp-concentra-wrapper-portlet**

 Actions

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Severity

Medium

HP Reference

HPSBPI03813 rev. 2

Release date

October 26, 2022

Last updated

November 14, 2022

Category

Print

Potential Security Impact

Denial of Service

**Relevant common vulnerabilities and exposures (CVE) list**

**Reported by**: Nuri Song(noor2ro) and Yujin Kim(@jjini) working with RedAlert.

List of CVE IDs    

CVE ID

CVSS

Severity

Vector

CVE-2022-43780

5.3

Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2022-0075

**Resolution**

Update the printer firmware.

HP has provided an updated firmware resolution for potentially affected products listed in the table below. To obtain the updated firmware, go to the HP Customer Support - Software and Driver Downloads, and then search for your printer model.

**Affected products and updated firmware**

Identify the affected products and updated firmware in the table below.

Affected products   

Product Name

Product Number

Updated Firmware Version

HP ENVY 5000 All-in-One Printer series

M2U85B, Z4A59A, Z4A71A, M2U91B, Z4A69A, M2U92B, Z4A70A, M2U94B, Z4A73A, Z4A74A, M2U91A, M2U92A, M2U85A, M2U94A, Z4A54A, Z4A60A, Z4A61A, Z4A61B

003.2237A or higher

HP DeskJet Ink Advantage 5000 All-in-One Printer series

M2U86A, M2U86B, M2U86C, M2U87A, M2U87B, M2U88B, M2U89B

003.2237A or higher

HP OfficeJet 5200 All-in-One Printer series

M2U81A, Z4B29A, M2U81B, Z4B27A, M2U82B, Z4B28A, M2U84B, M2U82A, M2U75A, M2U84A, Z4B12A, Z4B13A, Z4B14A, Z4B18A

003.2237A or higher

HP DeskJet Ink Advantage 5200 All-in-One Printer series

M2U76A, M2U77A

003.2237A or higher

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial release

October 26, 2022

2

Updated bulletin attribution

November 14, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2022-43780: Certain HP ENVY, OfficeJet, DeskJet printers - Potential denial of service

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.

 

 Loading...

Skip to page contentSkip to chat

Skip to page contentSkip to chat

CVE-2022-38656: Knowledge Article View HCL - Customer Support

Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.

HP ENVY TE01-0xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP ENVY TE01-1xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP ENVY TE01-2xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion Gaming TG01-0xxxa

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion Gaming TG01-1xxxa

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion Gaming TG01-0xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion Gaming TG01-1xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion Gaming TG01-2xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion TP01-0xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP Pavilion TP01-1xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

HP ENVY TE01-2xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP 880-0xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP 880-1xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP 880-5xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 30L GT13-0xxxa

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 30L GT13-0xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 30L GT13-1xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 25L GT11-0xxxa

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 25L GT11-0xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 25L GT12-0xxxa

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN Desktop PC 25L GT12-0xxxi

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN 25L Desktop PC GT12-1000i

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN 25L Desktop PC GT11-1000i

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN X by HP P1000-0xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP Obelisk 875-0xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP Obelisk 875-1xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN by HP 873-0xxx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN X by HP 900-1xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

OMEN X by HP 900-2xx

OMEN Gaming Hub SDK Package

1.0.44

Rev 1

SP114076

https://ftp.hp.com/pub/softpaq/sp114001-114500/sp114076.exe

CVE-2021-3437: OMEN Gaming Hub Escalation of Privilege and Denial of Service for Certain OMEN PCs

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

HP Color LaserJet Enterprise Flow MFP M578

HP Color LaserJet Enterprise MFP M578

7ZU85A, 7ZU86A, 7ZU87A, 7ZU88A

FS5: 5.3 or higher

HP Color LaserJet Enterprise MFP M577

HP Color LaserJet Enterprise Flow MFP M577

B5L46A, B5L47A, B5L48A, B5L54A

FS5: 5.3 or higher

HP Color LaserJet Enterprise MFP M681

HP Color LaserJet Enterprise Flow MFP M681

J8A10A, J8A11A J8A12A, J8A13A

FS5: 5.3 or higher

HP Color LaserJet Enterprise MFP M682

HP Color LaserJet Enterprise Flow MFP M682

J8A16A, J8A17A

FS5: 5.3 or higher

HP Color LaserJet Enterprise MFP M776

HP Color LaserJet Enterprise Flow MFP M776

T3U55A, T3U56A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP M577

HP Color LaserJet Managed Flow MFP M577

B5L49A, B5L50A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M430 series

3PZ55A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M431 series

3PZ56A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M527

HP LaserJet Enterprise Flow MFP M527z

F2A76A, F2A77A, F2A78A,F2A81A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M631

HP LaserJet Enterprise Flow MFP M631

J8J63A, J8J64A, J8J65A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M632

HP LaserJet Enterprise Flow MFP M632

J8J70A, J8J71A, J8J72A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M633

HP LaserJet Enterprise Flow MFP M633

J8J76A, J8J78A  

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M634

HP LaserJet Enterprise Flow MFP M634

7PS94A, 7PS95A, 7PS96A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M635

HP LaserJet Enterprise Flow MFP M635

7PS97A, 7PS98A, 7PS99A

FS5: 5.3 or higher

HP LaserJet Enterprise MFP M636

HP LaserJet Enterprise Flow MFP M636

7PT00A, 7PT01A

FS5: 5.3 or higher

HP LaserJet Managed MFP M527

HP LaserJet Managed Flow MFP M527z

F2A79A, F2A80A

FS5: 5.3 or higher

HP PageWide Color MFP 774

4PZ43A, 4PA44A

FS5: 5.3 or higher

HP PageWide Color MFP 779

4PZ45A, 4PZ46A

FS5: 5.3 or higher

HP PageWide Enterprise Color Flow MFP 785

J7Z11A, J7Z12A

FS5: 5.3 or higher

HP PageWide Enterprise Color MFP 586

HP PageWide Enterprise Color Flow MFP 586z

G1W39A, G1W40A, G1W41A

FS5: 5.3 or higher

HP PageWide Enterprise Color MFP 780

HP PageWide Enterprise Color Flow MFP 780f

J7Z09A, J7Z10A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E47528 series

3QA75A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E57540

HP Color LaserJet Managed Flow MFP E57540

3GY25A, 3GY26A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E67550/60

HP Color LaserJet Managed Flow MFP E67550/60

L3U66A, L3U67A, L3U69A, L3U70A,

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E67650/60

3GY31A, 3GY32A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E77422-E77428 series

5CM75A, 5CM76A, 5CM77A, 5CM78A, 5CM79A, 5RC91A, 5RC92A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E77822/25/30

HP Color LaserJet Managed Flow MFP E77822/25/30

X3A77A, X3A80A, X3A83A, Z8Z01A, Z8Z0A, Z8Z05A, X3A78A, X3A81A, X3A84A, Z8Z00A, Z8Z02A, Z8Z04A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E78223-E78228 series

8GS12A, 8GS13A, 8GS14A, 8GS15A, 8GS36A, 8GS37A, 8GS43A, 8GS44A, 8GS50A, 17F27AW, 19GSAW,

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E78323/30

8GS00A, 8GS01A, 8GS25A, 8GS26A, 8GS27A, 8GS28A, 8GS29A, 8GS30A, 8GR94A, 8GR95A,8GR96A, 8GR97A, 8GR98A, 8GR99A, 8PE94A, 8PE95A, 8PE96A, 8PE97A, 8PE98A, 9RT91A, 9RT92A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E87640/50/60

HP Color LaserJet Managed Flow MFP E87640/50/60

X3A86A, X3A87A,X3A89A, X3A90A, X3A92A, X3A93A, Z8Z12A, Z8Z13A, Z8Z14A, Z8Z15A, Z8Z16A, Z8Z17A, 5CM63A, 5CM64A, 5CM65A, 5CM66A, 5RC87A, 5FM80A, 5FM81A, 5FM82A

FS5: 5.3 or higher

HP Color LaserJet Managed MFP E87640du-E87660du series

5CM63A, 5CM64A, 5CM65A, 5CM66A, 5FM80A, 5FM81A, 5FM82A, 5RC86A, 5RC87A, 5RC88A

FS5: 5.3 or higher

HP LaserJet Managed MFP E42540 series

3PZ75A

FS5: 5.3 or higher

HP LaserJet Managed MFP E52545

HP LaserJet Managed Flow MFP E52545c

3GY19A, 3GY20A

FS5: 5.3 or higher

HP LaserJet Managed MFP E52645

1PS54A, 1PS55A

FS5: 5.3 or higher

HP LaserJet Managed MFP E62555/65

HP LaserJet Managed Flow MFP E62555/65/75

J8J66A, J8J67A, J8J73A, J8J74A, J8J79A, J8J80A

FS5: 5.3 or higher

HP LaserJet Managed MFP E62655/65

HP LaserJet Managed Flow MFP E62675

3GY14A, 3GY15A, 3GY16A, 3GY17A, 3GY18A

FS5: 5.3 or higher

HP LaserJet Managed MFP E72425/30

5CM68A, 5CM69A, 5CM70A, 5CM71A, 5CM72A, 5RC89A, 5RC90A

FS5: 5.3 or higher

HP LaserJet Managed MFP E72525/30/35

HP LaserJet Managed Flow MFP E72525/30/35

X3A59A, X3A60A,X3A62A, X3A63A, X3A65A, X3A66A, Z8Z06A, Z8Z07A, Z8Z08A, Z8Z09A, Z8Z010A, Z8Z011A

FS5: 5.3 or higher

HP LaserJet Managed MFP E82540/50/60

HP LaserJet Managed Flow MFP E82540/50/60

X3A68A, X3A69A, X3A71A, X3A72A, X3A74A, X3A75A, X3A79A, X3A82A, Z8Z18A, Z8Z19, AZ8Z20A, Z8Z22A, Z8Z23A

FS5: 5.3 or higher

HP LaserJet Managed MFP E82540/50/60du series

5CM59A, 5RC83A, 5FM76A, 5CM58A, 5RC84A, 5FM77A, 5CM61A, 5RC85A, 5FM78A

FS5: 5.3 or higher

HP PageWide Managed Color MFP E58650dn

HP PageWide Managed Color Flow MFP E58650z

L3U42A,L3U43A

FS5: 5.3 or higher

HP PageWide Managed Color MFP E77650

HP PageWide Managed Color Flow MFP E77660z

HP PageWide Managed Color Flow MFP E77650/60z

J7Z13A, Z5G79A, J7Z08A, J7Z14A, J7Z05A, Z5G77A, J7Z03A, J7Z07A

FS5: 5.3 or higher

HP PageWide Managed Color MFP P77440

Y3Z60A

FS5: 5.3 or higher

HP PageWide Managed Color MFP P77940/50/60

Y3Z61A, Y3Z62A, Y3Z63A, Y3Z64A, Y3Z65A, Y3Z66A, Y3Z68A, 2GP22A, 2GP23A, 2GP25A, 2GP26A, 5ZN98A, 5ZN99A, 5ZP00A, 5ZP01A

FS5: 5.3 or higher

HP Digital Sender Flow 8500 fn2

Document Capture Workstation

L2762A

FS5: 5.3 or higher

HP ScanJet Enterprise Flow N9120 fn2

Document Scanner

L2763A

FS5: 5.3 or higher

CVE-2021-3821: Certain HP FutureSmart Products – Denial of Service

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

**hp-concentra-wrapper-portlet**

 Actions

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

Severity

Medium

HP Reference

HPSBGN03761 Rev. 1

Release date

January 18, 2022

Last updated

January 18, 2022

Category

PC

Potential Security Impact

Escalation of Privilege, Denial of Service

**Relevant Common Vulnerabilities and Exposures (CVE) List**

Reported by: Matt Culbert

List of CVE IDs    

CVE ID

Base Score

Base Vector

Vendor ID

CVE-2021-3919

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

HP

PSR-2021-0155

**Resolution**

HP has identified affected platforms that mitigate the potential vulnerabilities. See the affected platforms listed below.

OMEN Gaming Hub has released a resolution for this issue on December 15, 2021 to the Microsoft Store in version 1101.2112.1.0 or later. To resolve, open Microsoft Store and download all available updates or use the link in the References section.

HP Command Center has released a resolution for this issue on January 14, 2022 to the Microsoft Store in version 1.10.30.0 or later. To resolve, open Microsoft Store and download all available updates or use the link in the References section.

HP recommends keeping your system up to date with the latest software.

Note:

This bulletin might be updated when new information is available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**Softpaqs and affected products**

Find the SoftPaqs that resolve the vulnerabilities of your system.

SoftPaq Status

A status is provided if no SoftPaq is listed for a particular product.

*   **Pending**: SoftPaq is in progress.
    
*   **Under investigation**: System under investigation for impact, or the SoftPaq is under investigation for feasibility/availability.
    
*   **Not available**: SoftPaq not available due to technical or logistical constraints.
    
*   **Check Support Page**: The listed SoftPaq has been removed from the download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site.
    

**Affected products**

Identify the affected products by category of PC.

**Mobile Workstation PCs**

*   HP ZHAN 99 G2 Mobile Workstation
    

**Home Notebook PCs**

*   HP ENVY 14-eb0xxx
    
*   HP ENVY 14-eb1xxx, 14t-eb100
    
*   HP ENVY 15-ep0xxx, 15t-ep000
    
*   HP ENVY 15-ep1xxx, 15t-ep100
    
*   HP ENVY 17-ch0xxx, 17t-ch000
    
*   HP ENVY 17-ch1xxx, 17t-ch100
    
*   HP ENVY 17m-ch0xxx
    
*   HP ENVY 17m-ch1xxx
    
*   HP ENVY x360 13-ay1xxx, 13z-ay100
    
*   HP ENVY x360 13-bd1xxx, 13t-bd100
    
*   HP ENVY x360 13m-bd1xxx
    
*   HP ENVY x360 15-ee1xxx, 15z-ee100
    
*   HP ENVY x360 15-es0xxx, 15t-es000
    
*   HP ENVY x360 15-es1xxx, 15t-es100
    
*   HP ENVY x360 15-eu0xxx
    
*   HP ENVY x360 15m-es0xxx
    
*   HP ENVY x360 15m-eu0xxx
    
*   HP Pavilion Gaming 15-dk0xxx, 15t-dk000
    
*   HP Pavilion Gaming 15-dk1xxx
    
*   HP Pavilion Gaming 15-dk2xxx
    
*   HP Pavilion Gaming 15-ec0xxx
    
*   HP Pavilion Gaming 15-ec1xxx
    
*   HP Pavilion Gaming 15-ec2xxx
    
*   HP Pavilion Gaming 16-a0xxx, 16t-a000
    
*   HP Pavilion Gaming 17-cd0xxx, 17t-cd000
    
*   HP Pavilion Gaming 17-cd1xxx
    
*   HP Pavilion Gaming 17-cd2xxx
    
*   HP Spectre Folio 13-ak1xxx, 13t-ak100
    
*   HP Spectre x360 13-aw0xxx, 13t-aw000
    
*   HP Spectre x360 13-aw2xxx, 13t-aw200
    
*   HP Spectre x360 14-ea0xxx, 14t-ea000
    
*   HP Spectre x360 14-ea2xxx
    
*   HP Spectre x360 15-eb0xxx, 15t-eb000
    
*   HP Spectre x360 15-eb1xxx, 15t-eb100
    
*   HP Spectre x360 16-f0xxx
    
*   OMEN 15-ce0xx
    
*   OMEN 15-ce1xx
    
*   OMEN 15-dc0xxx
    
*   OMEN 15-dc1xxx
    
*   OMEN 15-dc2xxx, 15t-dc200
    
*   OMEN 15-dh0xxx, 15t-dh000
    
*   OMEN 15-dh1xxx, 15t-dh100
    
*   OMEN 15-ek0xxx
    
*   OMEN 15-ek1xxx
    
*   OMEN 15-en0xxx, 15z-en000
    
*   OMEN 15-en1xxx
    
*   OMEN 17-an0xx
    
*   OMEN 17-an1xx
    
*   OMEN 17-cb0xxx, 17t-cb000
    
*   OMEN 17-cb1xxx, 17t-cb100
    
*   OMEN Gaming 16-b0xxx
    
*   OMEN Gaming 16-c0xxx
    
*   OMEN Gaming 17-ck0xxx
    
*   OMEN X by HP 2S 15-dg0xxx, 15t-dg000
    
*   VICTUS by HP Gaming 16-d0xxx
    
*   VICTUS by HP Gaming 16-e0xxx
    

**Home Desktop PCs**

*   HP ENVY All-in-One 34-c0xxx
    
*   HP Pavilion Gaming TG01-0xxx
    
*   HP Pavilion Gaming TG01-1xxx
    
*   HP Pavilion Gaming TG01-2xxx
    
*   OMEN by HP Desktop 873-0xxx
    
*   OMEN by HP Desktop 880-0xx
    
*   OMEN by HP Desktop 880-1xx
    
*   OMEN by HP Desktop 880-5xx
    
*   OMEN by HP Obelisk Desktop 875-0xxx
    
*   OMEN by HP Obelisk Desktop 875-1xxx
    
*   OMEN Desktop 25L GT11-0xxx
    
*   OMEN Desktop 25L GT11-1xxx
    
*   OMEN Desktop 25L GT12-0xxx
    
*   OMEN Desktop 25L GT12-1xxx
    
*   OMEN Desktop 30L GT13-0xxx
    
*   OMEN Desktop 30L GT13-1xxx
    
*   OMEN Desktop 40L GT21-0xxx
    
*   OMEN Gaming Desktop 45L GT22-0xxx
    
*   OMEN X by HP Desktop 900-1xx
    
*   OMEN X by HP Desktop 900-2xx
    
*   OMEN X by HP Desktop P1000-0xx
    

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial Release

January 18, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2021-3919: OMEN Gaming Hub and HP Command Center January 2022 security update

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.

CVE-2022-22488: IBM OpenBMC denial of service CVE-2022-22488 Vulnerability Report

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

Severity

Medium

HP Reference

HPSBPI03807 rev. 1

Release date

August 22, 2022

Last updated

August 22, 2022

Category

Print

Potential Security Impact

Denial of Service

**Relevant Common Vulnerabilities and Exposures (CVE) List**

Reported by: Andras Nagy

List of CVE IDs    

CVE ID

CVSS

Severity

Vector

CVE-2022-2794

5.3

Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2022-0038

**Resolution**

HP has provided firmware updates for potentially affected products listed in the table below.

To obtain the updated firmware listed below, go to the HP Software and Driver Downloads and search for your printer model.

**Affected products and updated firmware**

Find the products affected and the firmware version that resolves the vulnerabilities.

Affected products    

Product Name

Product Number

Updated Firmware Version

HP PageWide 352dw Printer

J6U57A

2228B or higher

HP PageWide 377dw Multifunction Printer

J9V80A

2228B or higher

HP PageWide Managed P55250dw Printer series

J6U55A, J6U51B, J6U55B

2228B or higher

HP PageWide Managed P57750dw Multifunction Printer

J9V82A

2228B or higher

HP PageWide Pro 452dn Printer series

D3Q15A

2228B or higher

HP PageWide Pro 452dw Printer series

D3Q16A

2228B or higher

HP PageWide Pro 477dn Multifunction Printer series

D3Q19A

2228B or higher

HP PageWide Pro 477dw Multifunction Printer series

D3Q20A

2228B or higher

HP PageWide Pro 552dw Printer series

D3Q17A

2228B or higher

HP PageWide Pro 577 Multifunction Printer series

D3Q21A, K9Z76A

2228B or higher

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial release

August 22, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2022-2794: Certain HP PageWide Pro printers - Potential denial of service

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aruba Product Security Advisory =============================== Advisory ID: ARUBA-PSA-2022-016 CVE: CVE-2022-37897, CVE-2022-37898, CVE-2022-37899, CVE-2022-37900, CVE-2022-37901, CVE-2022-37902, CVE-2022-37903, CVE-2022-37904, CVE-2022-37905, CVE-2022-37906, CVE-2022-37907, CVE-2022-37908, CVE-2022-37909, CVE-2022-37910, CVE-2022-37911, CVE-2022-37912 Publication Date: 2022-Oct-25 Status: Confirmed Severity: Critical Revision: 1 Title ===== ArubaOS Multiple Vulnerabilities Overview ======== Aruba has released patches for ArubaOS that address multiple security vulnerabilities. Affected Products ================= - Aruba Mobility Conductor (formerly Mobility Master) - Aruba Mobility Controllers - WLAN Gateways and SD-WAN Gateways managed by Aruba Central Affected Software Versions: - ArubaOS 6.5.4.x : ArubaOS 6.5.4.22 and below - ArubaOS 8.6.x.x : ArubaOS 8.6.0.17 and below - ArubaOS 8.7.x.x : ArubaOS 8.7.1.9 and below - ArubaOS 10.3.x.x : 10.3.0.0 - SD-WAN 8.7.0.0-2.3.0.x : 8.7.0.0-2.3.0.6 and below The following ArubaOS and SD-WAN software versions that are End of Life should be considered to be affected by these vulnerabilities and are not patched by this advisory: - ArubaOS 8.4.x.x : all - ArubaOS 8.5.x.x : all - ArubaOS 8.8.x.x : all - ArubaOS 8.9.x.x : all - SD-WAN 8.5.0.0-2.1.x.x : all - SD-WAN 8.6.0.4-2.2.x.x : all Details ======= Command Injection in the PAPI protocol (CVE-2022-37897) --------------------------------------------------------------------- There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Internal References: ATLWL-249 Severity: Critical CVSSv3 Overall Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed. Authenticated Arbitrary Remote Command Execution (CVE-2022-37898, CVE-2022-37899, CVE-2022-37900, CVE-2022-37901, CVE-2022-37902, CVE-2022-37912) --------------------------------------------------------------------- Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Internal References: ATLWL-164, ATLWL-202, ATLWL-207, ATLWL-223, ATLWL-235, ATLWL-270 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) and Nikita Abramov of Positive Technologies via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Remote Command Execution via Arbitrary File Write (CVE-2022-37903) --------------------------------------------------------------------- A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system. Internal Reference: ATLWL-238 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Jens Krabbenhoeft via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS web interface from all untrusted users. Authenticated Boot Sequence Modification in ArubaOS (CVE-2022-37904, CVE-2022-37905) --------------------------------------------------------------------- Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. Internal References: ATLWL-129, ATLWL-130 Severity: Medium CVSSv3 Overall Score: 6.6 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Nicholas Starke of Aruba Threat Labs. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Path Traversal in ArubaOS Command Line Interface (CVE-2022-37906) --------------------------------------------------------------------- An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. Internal References: ATLWL-231 Severity: Medium CVSSv3 Overall Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Discovery: This vulnerability was discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Denial of Service in ArubaOS Bootloader (CVE-2022-37907) --------------------------------------------------------------------- A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. Internal Reference: ATLWL-132 Severity: Medium CVSSv3 Overall Score: 5.8 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Discovery: This vulnerability was discovered and reported by Nicholas Starke of Aruba Threat Labs. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Compromise of Bootloader Integrity (CVE-2022-37908) --------------------------------------------------------------------- An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. Internal References: ATLWL-131 Severity: Medium CVSSv3 Overall Score: 5.8 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N Discovery: This vulnerability was discovered and reported by Nicholas Starke of Aruba Threat Labs. Workaround: Block access to the ArubaOS command line interface from all untrusted users. ArubaOS Sensitive Information Disclosure (CVE-2022-37909) --------------------------------------------------------------------- Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. Internal Reference: ATLWL-280 Severity: Medium CVSSv3 Overall Score: 5.3 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered by Aruba TAC. Workaround: None Authenticated Buffer Overflow in ArubaOS Command Line Interface Causes Denial of Service (CVE-2022-37910) --------------------------------------------------------------------- A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system. Internal Reference: ATLWL-236 Severity: Medium CVSSv3 Overall Score: 4.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated XML External Entity (XXE) Vulnerability leads to Arbitrary File Read and Denial of Service (CVE-2022-37911) --------------------------------------------------------------------- Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. Internal Reference: ATLWL-232 Severity: Low CVSSv3 Overall Score: 3.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Resolution ========== Upgrade Mobility Controllers and Gateways to one of the following ArubaOS versions (as applicable) to resolve all the vulnerabilities described in the details section: - ArubaOS 6.5.4.x: 6.5.4.23 and above - ArubaOS 8.6.x: 8.6.0.18 and above - ArubaOS 8.7.x: 8.7.1.10 and above - ArubaOS 8.10.x: 8.10.0.0 and above - ArubaOS 10.3.x: 10.3.0.1 and above - SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above Aruba does not evaluate or patch ArubaOS branches that have reached their End of Support (EoS) milestone. For more information about Aruba's End of Support policy visit: https://www.arubanetworks.com/support-services/end-of-life/ Workaround ========== In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance. Exploitation and Public Discussion ================================== Aruba is not aware of any public discussion or exploit code that target these specific vulnerabilities as of the release date of the advisory. Revision History ================ Revision 1 / 2022-Oct-25 / Initial release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: https://www.arubanetworks.com/support-services/security-bulletins/ For reporting \*NEW\* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.arubanetworks.com/support-services/security-bulletins/ (c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQFLBAEBCAA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmNPAvYXHHNpcnRAYXJ1 YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtlYbggAqFFpy5+FXhntGWa0HOWqMIGf cVt9AxmasLbNkx6bDGN1krgSg35TgaAi7/NoxQcAn2JoPh3Jewec9uMvfO8LPB2B pLd8fdp28Obk1AOMUSs13FMW6XRz1W5uw9avCkn8uVwDc3tivQ1IGwOcOtHZ1ea6 9GndfCOzHBklYalXgdr8IS1UzCWAG12QGkXYroUFlJ17khdo53bV8JK/2TfdbFMz 9pqZlne82qvuRxy4Tl6j/B9hb9KSijblE9e10k4YNpOIdoMLsNMI91YCxSMID/LY HXPEcVnC/dPOg1cRF3rbjqMAxc/Ma9aHfsa9jjsbkY6xxDw1GVjM/dJDZlex6Q== =0Kfn -----END PGP SIGNATURE-----

CVE-2022-37897

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aruba Product Security Advisory =============================== Advisory ID: ARUBA-PSA-2022-018 CVE: CVE-2022-37919, CVE-2022-37920, CVE-2022-37921, CVE-2022-37922, CVE-2022-37923, CVE-2022-37924, CVE-2022-37925, CVE-2022-37926, CVE-2022-43518, CVE-2022-43541, CVE-2022-43542, CVE-2022-44532, CVE-2022-44533 Publication Date: 2022-Nov-22 Status: Confirmed Severity: High Revision: 1 Title ===== Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Overview ======== Aruba has released patches for Aruba EdgeConnect Enterprise that address multiple security vulnerabilities. Affected Products ================= - Aruba EdgeConnect Enterprise - ECOS 9.2.1.0 and below - ECOS 9.1.3.0 and below - ECOS 9.0.7.0 and below - ECOS 8.3.7.1 and below Versions of Aruba EdgeConnect Enterprise that are end of life are affected by these vulnerabilities unless otherwise indicated. Unaffected Products =================== Any other Aruba products not specifically listed above are not affected by these vulnerabilities. Details ======= Unauthenticated Denial-of-Service (DoS) Condition in Aruba EdgeConnect Enterprise API (CVE-2022-37919) -------------------------------------------------------------- A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests. Internal Reference: ATLSP-2 Severity: High CVSSv3.x Overall Score: 7.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Discovery: This vulnerability was discovered by Aruba's internal engineering team Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface Leading to Full System Compromise (CVE-2022-37920, CVE-2022-37921, CVE-2022-37922, CVE-2022-37923, CVE-2022-37924, CVE-2022-43541, CVE-2022-43542) --------------------------------------------------------------------- Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Internal References: ATLSP-31, ATLSP-32, ATLSP-36, ATLSP-37, ATLSP-39, ATLSP-41, ATLSP-46 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Bill Marquette, Daniel Jensen (@dozernz), and Erik De Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Web Management Interface Leading to Full System Compromise (CVE-2022-44533) --------------------------------------------------------------------- A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Internal References: ATLSP-52 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Erik De Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Reflected Cross Site Scripting Vulnerability (XSS) in Aruba EdgeConnect Enterprise Web Management Interface (CVE-2022-37925) --------------------------------------------------------------------- A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Internal References: ATLSP-35 Severity: Medium CVSSv3 Overall Score: 6.1 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program. Stored Cross Site Scripting Vulnerability (XSS) in EdgeConnect Enterprise Web Management Interface via File Upload (CVE-2022-37926) --------------------------------------------------------------------- A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Internal References: ATLSP-40 Severity: Medium CVSSv3 Overall Score: 5.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Discovery: This vulnerability was discovered and reported by Bill Marquette via Aruba's Bug Bounty Program. Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Web Interface Allows for Arbitrary File Read (CVE-2022-43518) --------------------------------------------------------------------- An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. Internal References: ATLSP-24 Severity: Medium CVSSv3 Overall Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program. Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface Allows for Arbitrary File Read (CVE-2022-44532) --------------------------------------------------------------------- An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. Internal References: ATLSP-29 Severity: Medium CVSSv3 Overall Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered and reported by Erik De Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Resolution ========== Upgrade Aruba EdgeConnect Enterprise to one of the following versions to resolve all issues noted in the details section. - Aruba EdgeConnect Enterprise - ECOS 9.2.2.0 and above - ECOS 9.1.4.0 and above - ECOS 9.0.8.0 and above - ECOS 8.3.8.0 and above Aruba does not evaluate or patch product versions that have reached their End of Support (EoS) milestone. Supported versions as of the publication date of this advisory are: - Aruba EdgeConnect Enterprise 9.2.x - Aruba EdgeConnect Enterprise 9.1.x - Aruba EdgeConnect Enterprise 9.0.x - Aruba EdgeConnect Enterprise 8.3.x For more information about Aruba's End of Support policy visit: https://www.arubanetworks.com/support-services/end-of-life/ Workaround ========== To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above. Exploitation and Public Discussion ================================== Aruba is not aware of any public discussion or exploit code that target these specific vulnerabilities as of the release date of the advisory. Revision History ================ Revision 1 / 2022-Nov-22 / Initial release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: https://www.arubanetworks.com/support-services/security-bulletins/ For reporting \*NEW\* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.arubanetworks.com/support-services/security-bulletins/ (c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQFLBAEBCAA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmNjx2sXHHNpcnRAYXJ1 YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtl8Ugf+NPYBlbSRZBuitTDhuAA1aqh3 b3Iy08BQK/U7NLHSwHpJUFyv7+at54/Mp57RiruBOvp0xcVpsCzJE+lY6qXtaAaY utQYcXNCcz+8G3gWe7DXrUikMk56k9i/+VDSvQJ1Fn7RCm89iwnHauoVQVi4Kh6u b/vCyCyljWBFNxA2JGjGiKqJbj6tp9ErowwTGqzwyw1TieH5Fzo/lIR4mPvT0itd t7HhQIlCrkSb0nj8qLvG+g25XZ+ToHGOP4Xda5M7ISn4kKxUkpQfjptXR3HgKNOm gG641FqqP3ZGOqwF6dyxslo0JU7Em3zbJIyTC+23fVF9EpARFudrJbspUYHLsA== =ciDp -----END PGP SIGNATURE-----

CVE-2022-37925

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

**Security Bulletin**

  

**Summary**

IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.

**Vulnerability Details**

**CVEID:**   CVE-2016-1000023  
**DESCRIPTION:**   Minimatch is vulnerable to a denial of service, caused by a regular expression of minimatch.js. By using a specially crafted glob pattern, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/118817 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-41296  
**DESCRIPTION:**   IBM Db2U is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:**   CVE-2021-21303  
**DESCRIPTION:**   Helm could allow a local authenticated attacker to bypass security restrictions, caused by the failure to sanitized multiple fields in various .yaml files. By sending a specially-crafted request, an attacker could exploit this vulnerability to send deceptive, obscure or alter information to a terminal screen.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196392 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)

**CVEID:**   CVE-2022-36055  
**DESCRIPTION:**   Helm is vulnerable to a denial of service, caused by a flaw in the strvals package. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause memory panics, and results in a denial of service condition.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235100 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2021-32690  
**DESCRIPTION:**   Helm could allow a remote attacker to obtain sensitive information, caused by improper validation of user-supplied input by the index.yaml file. By gaining access to the chart archives, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.  
CVSS Base score: 6.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203901 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

**CVEID:**   CVE-2022-3172  
**DESCRIPTION:**   Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing an aggregated API server to redirect client traffic to any URL. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to unexpected actions and the client's API server credentials to third parties.  
CVSS Base score: 5.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236344 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)

**CVEID:**   CVE-2022-29526  
**DESCRIPTION:**   Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the Faccessat function when called with a non-zero flags parameter. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain accessible file information, and use this information to launch further attacks against the affected system.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229593 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2022-30633  
**DESCRIPTION:**   Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233146 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-28131  
**DESCRIPTION:**   Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233141 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-27664  
**DESCRIPTION:**   Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a closing HTTP/2 server connection to hang, and results in a denial of service condition.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235355 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-41297  
**DESCRIPTION:**   IBM Db2U is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237212 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**IBM X-Force ID:**   221551  
**DESCRIPTION:**   Helm could allow a remote authenticated attacker to obtain sensitive information, caused by repository credentials being passed to alternate domain. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221551 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

All platforms of the following IBM® Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data refresh levels are affected:

Release

Version

IBM® Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

v3.5 through refresh 10  
v4.0 through refresh 9  
v4.5 through refresh 3

  

**Remediation/Fixes**

IBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data release containing the fix for these issues. It can be applied to any affected fixpack and refresh level of the appropriate release.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

30 Nov 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSC8M7","label":"IBM Db2 Advanced Edition Cartridge for IBM Cloud Pak for Data"},"Component":"","Platform":\[{"code":"PF025","label":"Platform Independent"}\],"Version":"All","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSSAIKN","label":"IBM Db2 Warehouse Cartridge for IBM Cloud Pak for Data"},"Component":"","Platform":\[{"code":"PF025","label":"Platform Independent"}\],"Version":"All","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

Tag

#dos