ITSS-Advisory : MEDIUM : Hewlett-Packard : Printers and Digital Senders : Unauthorised Access to Files

THREAT LEVEL
============
Medium.

INFORMATION
===========
On 04 Feb 2009, Hewlett-Packard released a bulletin describing a vulnerability that
could allow an attacker to access files in certain types of Hewlett-Packard equipment.

The original bulletin from Hewlett-Packard is accessible at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905

AFFECTED PLATFORMS
==================
The following list of equipment and firmware versions are affected:
- HP LaserJet 2410 with firmware prior to 20080819 SPCL112A
- HP LaserJet 2420 with firmware prior to 20080819 SPCL112A
- HP LaserJet 2430 with firmware prior to 20080819 SPCL112A
- HP LaserJet 4250 with firmware prior to 20080819 SPCL015A
- HP LaserJet 4350 with firmware prior to 20080819 SPCL015A
- HP LaserJet 9040 with firmware prior to 20080819 SPCL110A
- HP LaserJet 9050 with firmware prior to 20080819 SPCL110A
- HP LaserJet 4345mfp with firmware prior to 09.120.9
- HP Color LaserJet 4730mfp with firmware prior to 46.200.9
- HP LaserJet 9040mfp with firmware prior to 08.110.9
- HP LaserJet 9050mfp with firmware prior to 08.110.9
- HP 9200C Digital Sender with firmware prior to 09.120.9
- HP Color LaserJet 9500mfp with firmware prior to 08.110.9

ACTION
======
Administrators of affected equipment are advised to review the bulletin, test and
apply relevant updates. Instructions on how to download updates are available in
the bulletin from Hewlett-Packard.