CVE-2018-5923

Q: What is the severity of CVE-2018-5923?

CVE-2018-5923 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to bypass signature checking in HP enterprise printer solution applications, potentially enabling arbitrary code execution. It affects HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise printers. Attackers could exploit this to take control of affected printers.

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to bypass signature checking in HP enterprise printer solution applications, potentially enabling arbitrary code execution. It affects HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise printers. Attackers could exploit this to take control of affected printers.

💻 Affected Systems

Products:

HP LaserJet Enterprise
HP PageWide Enterprise
HP LaserJet Managed
HP OfficeJet Enterprise

Versions: Firmware versions prior to 2018-10-29

Operating Systems: Printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects printers with solution applications feature enabled. Printers must have network connectivity to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full printer compromise allowing attackers to execute arbitrary code, intercept print jobs, access network resources, or use printer as pivot point into internal network.

🟠

Likely Case

Printer compromise leading to denial of service, data exfiltration of print jobs, or installation of persistent malware on printer.

🟢

If Mitigated

Limited impact if printers are isolated on separate VLANs with strict network controls and regular firmware updates.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability involves bypassing signature verification, which typically requires low technical sophistication once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released 2018-10-29

Vendor Advisory: https://support.hp.com/us-en/document/c06169434

Restart Required: Yes

Instructions:

1. Access printer web interface. 2. Navigate to firmware update section. 3. Download latest firmware from HP support site. 4. Upload and apply firmware update. 5. Reboot printer after update completes.

🔧 Temporary Workarounds

Disable solution applications

all

Temporarily disable solution applications feature to prevent exploitation

Network segmentation

all

Isolate printers on separate VLAN with strict firewall rules

🧯 If You Can't Patch

Segment printers on isolated network with no internet access
Disable all unnecessary printer services and features

🔍 How to Verify

Check if Vulnerable:

Check firmware version date in printer web interface under System Information. If date is before 2018-10-29, printer is vulnerable.

Check Version:

Not applicable - check via printer web interface or management console

Verify Fix Applied:

Verify firmware version date is 2018-10-29 or later in System Information page.

📡 Detection & Monitoring

Log Indicators:

Unexpected firmware update attempts
Unauthorized solution application installations
Printer service restarts

Network Indicators:

Unusual network traffic to/from printers
Attempts to access printer management interfaces from unauthorized sources

SIEM Query:

source="printer_logs" AND (event="firmware_update" OR event="application_install")

📊 Metadata

CVE ID: CVE-2018-5923

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-347

Published: March 27, 2019

Last Updated: November 21, 2024

🔗 References

https://support.hp.com/us-en/document/c06169434 Vendor Advisory
https://support.hp.com/us-en/document/c06169434 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Color Laserjet Cm4540 Mfp Firmware by Hp

Color Laserjet Cp5525 Firmware by Hp

Color Laserjet Enterprise Flow Mfp M681f Firmware by Hp

Color Laserjet Enterprise Flow Mfp M681z Firmware by Hp

Color Laserjet Enterprise Flow Mfp M682z Firmware by Hp

Color Laserjet Enterprise M552 Firmware by Hp

Color Laserjet Enterprise M553 Firmware by Hp

Color Laserjet Enterprise M651 Firmware by Hp

Color Laserjet Enterprise M651 Firmware by Hp

Color Laserjet Enterprise M652dn Firmware by Hp

Color Laserjet Enterprise M652n Firmware by Hp

Color Laserjet Enterprise M653dh Firmware by Hp

Color Laserjet Enterprise M653dn Firmware by Hp

Color Laserjet Enterprise M653x Firmware by Hp

Color Laserjet Enterprise M750 Firmware by Hp

Color Laserjet Enterprise Mfp M577 Firmware by Hp

Color Laserjet Enterprise Mfp M577 Firmware by Hp

Color Laserjet Enterprise Mfp M681dh Firmware by Hp

Color Laserjet Enterprise Mfp M681f Firmware by Hp

Color Laserjet Enterprise Mfp M682dh Firmware by Hp

Color Laserjet M680 Firmware by Hp

Color Laserjet M680 Firmware by Hp

Color Laserjet Managed E55040dw Firmware by Hp

Color Laserjet Managed E65050dn Firmware by Hp

Color Laserjet Managed E65060dn Firmware by Hp

Color Laserjet Managed E65060x Firmware by Hp

Color Laserjet Managed Flow Mfp E57540c Firmware by Hp

Color Laserjet Managed Flow Mfp E67550f Firmware by Hp

Color Laserjet Managed Flow Mfp E67560z Firmware by Hp

Color Laserjet Managed Flow Mfp E77822 Firmware by Hp

Color Laserjet Managed Flow Mfp E77825 Firmware by Hp

Color Laserjet Managed Flow Mfp E77830z Firmware by Hp

Color Laserjet Managed Flow Mfp E87640 Firmware by Hp

Color Laserjet Managed Flow Mfp E87640z Firmware by Hp

Color Laserjet Managed Flow Mfp E87650 Firmware by Hp

Color Laserjet Managed Flow Mfp E87660z Firmware by Hp

Color Laserjet Managed Mfp E57540dn Firmware by Hp

Color Laserjet Managed Mfp E67550dh Firmware by Hp

Color Laserjet Managed Mfp E67560dh Firmware by Hp

Color Laserjet Managed Mfp E77822 Firmware by Hp

Color Laserjet Managed Mfp E77825 Firmware by Hp

Color Laserjet Managed Mfp E77830dn Firmware by Hp

Color Laserjet Managed Mfp E87640 Firmware by Hp

Color Laserjet Managed Mfp E87640dn Firmware by Hp

Color Laserjet Managed Mfp E87650 Firmware by Hp

Color Laserjet Managed Mfp E87660dn Firmware by Hp

Digital Sender Flow 8500 Fn2 Document Capture Workstation Firmware by Hp

Digital Sender Flow 8500 Fn2 Document Capture Workstation Firmware by Hp

Laserjet Enterprise 500 Color Mfp M575dn Firmware by Hp

Laserjet Enterprise 500 Color Mfp M575dn Firmware by Hp

Laserjet Enterprise 500 Mfp M525f Firmware by Hp

Laserjet Enterprise 500 Mfp M525f Firmware by Hp

Laserjet Enterprise 600 M601 Firmware by Hp

Laserjet Enterprise 600 M602 Firmware by Hp

Laserjet Enterprise 600 M603xh Firmware by Hp

Laserjet Enterprise 700 Color Mfp M775 Firmware by Hp

Laserjet Enterprise 700 M712xh Firmware by Hp

Laserjet Enterprise 800 Color M855 Firmware by Hp

Laserjet Enterprise 800 Color M855 Firmware by Hp

Laserjet Enterprise 800 Color Mfp M880 Firmware by Hp

Laserjet Enterprise 800 Color Mfp M880 Firmware by Hp

Laserjet Enterprise Color 500 M551 Firmware by Hp

Laserjet Enterprise Color Flow Mfp M575c Firmware by Hp

Laserjet Enterprise Color Flow Mfp M575c Firmware by Hp

Laserjet Enterprise Flow M830z Mfp Firmware by Hp

Laserjet Enterprise Flow M830z Mfp Firmware by Hp

Laserjet Enterprise Flow Mfp M525c Firmware by Hp

Laserjet Enterprise Flow Mfp M525c Firmware by Hp

Laserjet Enterprise Flow Mfp M630z Firmware by Hp

Laserjet Enterprise Flow Mfp M630z Firmware by Hp

Laserjet Enterprise Flow Mfp M631h Firmware by Hp

Laserjet Enterprise Flow Mfp M632z Firmware by Hp

Laserjet Enterprise Flow Mfp M633z Firmware by Hp

Laserjet Enterprise M4555 Mfp Firmware by Hp

Laserjet Enterprise M506 Firmware by Hp

Laserjet Enterprise M604 Firmware by Hp

Laserjet Enterprise M605 Firmware by Hp