HP Printer Firmware Signing Disabled

critical Nessus Plugin ID 58185


The remote printer doesn't require signing of firmware updates.


The remote service's firmware doesn't require signing when performing firmware updates. This can allow an attacker to upload backdoored or otherwise malicious firmware updates.

Note that the printer may have remote firmware updates (RFU) disabled;
this plugin doesn't actively attempt a firmware upgrade to verify.


Update the printer's firmware.

See Also


Plugin Details

Severity: Critical

ID: 58185

File Name: hp_firmware_update.nbin

Version: 1.62

Type: remote

Family: Misc.

Published: 3/1/2012

Updated: 2/14/2022

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.1

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:W/RC:C

CVSS Score Source: CVE-2011-4161

Vulnerability Information

CPE: cpe:/h:hp:color_laserjet, cpe:/h:hp:laserjet, cpe:/h:hp:digital_sender, cpe:/h:hp:color_mfp, cpe:/h:hp:laserjet_enterprise

Exploit Ease: No known exploits are available

Patch Publication Date: 11/30/2011

Vulnerability Publication Date: 11/30/2011

Reference Information

CVE: CVE-2011-4161

BID: 50876

IAVB: 2012-B-0005