HP LaserJet, HP OfficeJet, HP PageWide - Configuring security mitigation settings for Security Bulletin HPSBPI03569 (white paper)

Version 1.0, January 2018 Public
Overview
This document provides instructions for mitigation steps you can take to prevent exposure to the remote code execution
vulnerability (CVE-2017-2750). These instructions apply to HP Enterprise printers and multi-function printers running
FutureSmart version 3 and FutureSmart version 4. Configure the following two settings:
Set the Local Administrator password for the Embedded Web Server (EWS). A password must be configured before access to the Solution Installer is permitted.
Disable the “Allow firmware updates sent as print jobs (Port 9100)” setting in the EWS. This prevents solution packages from being uploaded through the firmware update method.
Using the Embedded Web Server (EWS)
Set the local administrator password
To allow access to the Solution Installer, follow the steps below to set the local administrator password
for the Embedded Web Server (EWS).
1. Open a web browser and enter the printer IP Address or host name in the browser address
field. If you do not know what the IP Address or host name is, ask your administrator.
Figure 1: Entering the IP Address
NOTE:
If a certificate warning appears, proceed to the printer EWS. A certificate warning is normal
if the printer is using a self-signed certificate.
2. Select the Security tab. By default, General Security will be selected in the left panel.
Figure 2: Selecting the Security tab in the EWS
NOTE:
If a password is required, click the Sign In button, sign in, and then skip the next two steps.