• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.

‎06-26-2014 10:41 AM

HP Recommended

I have an OfficeJet 7500 that is on our network and our most recent Qualys scan show it has OpenSSL Multiple Remote Security Vulnerabilities.

9 REPLIES 9

‎07-10-2014 09:00 AM

HP Recommended

I can now confirm that this is not a fluke, it has shown up on multiple scans and we had several others of the same model that our network security area had not assisnged as ours in Qualys. They have been now and also are flagged. It is not reported as Heartbleed, which I believe would be a full level 5 anyways. This is reported as a level 4.

‎07-31-2014 09:22 AM - edited ‎07-31-2014 09:30 AM

HP Recommended

OpenSSL has fixed the security issue on their end. HP just needs to add it to the firmware. While I have not seen any of our other HP network printers get flagged and I have not heard either here on campus or elsewhere about anyone with similar issues. Despite this I am conviced this is not a isolated incident. I do have one Xerox that got flagged as well. I did have some web servers that also were flagged, but of course I was able to apply the OpenSSL patch directly.

‎08-27-2014 01:14 PM

HP Recommended

There are several man in the middle attacks that can be identified via scanners.  Do you have the specific scan ID  or CVE for the vulnerability?    

I am HP Employee

‎08-27-2014 01:23 PM

HP Recommended

OpenSSL Multiple Remote Security Vulnerabilities port 443/tcp over SSL

‎08-27-2014 02:18 PM - edited ‎08-27-2014 04:27 PM

HP Recommended

 

HP Download Link

http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?os=4063&lc=en&cc=us&dlc=en&sw_lang=&product=4083...

 

Please check on the HP software download site for updates. 

 

 

 

I am HP Employee

‎08-27-2014 02:30 PM

HP Recommended

Thank you

‎10-30-2014 01:06 PM

HP Recommended

I still have not seen an updated firmware.

‎01-05-2015 01:27 PM

HP Recommended

Now Qualys is also showing a level 5 potential of  TLS Protocol Session Renegotiation Security Vulnerability

CVE-2009-3555

‎06-04-2015 10:46 AM

HP Recommended

If we could just turn off the config web page that would be fine.

Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.