VAR-201204-0171
Vulnerability from variot - Updated: 2025-04-11 23:04HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. The HP ProCurve 5400 zl Switch is a network switch developed by Hewlett-Packard. Some flash cards distributed by the switch have malware, which can infect the user's system if the user connects to the flash card. Attackers can exploit this issue to infect a users's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: HP ProCurve 5400 zl Switch Malware Infected Compact Flash Card
SECUNIA ADVISORY ID: SA48738
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48738/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48738
RELEASE DATE: 2012-04-11
DISCUSS ADVISORY: http://secunia.com/advisories/48738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48738/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in the HP ProCurve 5400 zl Switch, which can be exploited by malicious people to compromise a users's system.
Please see the vendor's advisory for a list of affected models and serial numbers.
SOLUTION: Apply the vendor workaround (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03249176 Version: 2
HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-26 Last Updated: 2012-04-26
Potential Security Impact: Local compromise of system integrity
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity.
References: CVE-2012-0133
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This script will delete the fi(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.
Hardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.
Software Update Option (recommended) : The following Early Availability software update K.15.08.00007 is available which will automatically delete the malware trojan contents on the compact flash card if present. The software update also contains many other features and functionality enhancements for the switch. Note that updating the switch software should always be done with care and with an analysis of any potential impacts. Please refer to the release notes provided with the software update location below.
For Options 1 or 2, please contact HP support:
For customers with an HP Passport account, a web case can be submitted here: https://h10145.www1.hp.com/help/help_questions.aspx?l2id=48&SelectedTab=3
To talk to HP support directly, worldwide telephone numbers are available here: https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2&SelectedTab=2
For Option 3, the Early Availability software update K.15.08.00007 is available here:
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9533A
The release notes for K.15.08.00007 is available here:
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c03277372/c03277372.pdf
HISTORY Version:1 (rev.1) - 10 April 2012 Initial Release Version:2 (rev.2) - 26 April 2012 Updated case details and solution choices
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+ZqmwACgkQ4B86/C0qfVk3EQCdELKvAW0sFV2DNpCn1cajRwTJ 0GAAoJfBY3H5ZeO9qRZvSu5lD933i78M =40Tv -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "procurve switch 5400zl management module",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "id117as00h"
},
{
"model": "procurve switch chassis e5406zl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch chassis e5412zl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5412-92g-poe\\+-4sfpzl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5400zl management module",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "id116as0hr"
},
{
"model": "procurve switch 5400zl management module",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "id116as04p"
},
{
"model": "procurve switch 5412-96gzl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5406-48gzl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5406-44g-poe\\+-4sfpzl",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5400zl management module",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "id126as0fb"
},
{
"model": "procurve switch 5406zl-44g-poe\\+\\/2xg sfp\\+ v2",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5400zl",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "procurve switch e5412zl",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5412zl-92g-poe\\+\\/4g sfp\\+ v2",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5412zl-92gg-poe\\+\\/2xg sfp\\+ v2",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch e5406zl",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 5406zl-44g-poe\\+\\/4g sfp\\+ v2",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hp 5400 zl switch series",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "procurve zl switch series",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5400"
},
{
"model": "management module series zl switch j8726a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5400"
},
{
"model": "e5412 zl switch with premium software j9643a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "e5412 zl switch chassis j8698a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "e5406 zl switch with premium software j9642a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "e5406 zl switch chassis j8697a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "5412zl-92gg-poe+ 2xg sfp+ switch j9532a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "/v2"
},
{
"model": "5412zl-92g-poe+ 4g sfp switch j9540a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "/v2"
},
{
"model": "5412-96g zl switch j8700a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "5412-92g-poe+-4sfp zl switch j9448a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "5406zl-44g-poe+ 4g sfp switch j9539a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "/v2"
},
{
"model": "5406zl-44g-poe+ 2xg sfp+ switch j9533a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "/v2"
},
{
"model": "5406-48g zl switch j8699a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "5406-44g-poe+-4sfp zl switch j9447a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5400zl",
"version": "*"
},
{
"model": "id116as0hr",
"scope": null,
"trust": 0.2,
"vendor": "procurve switch 5400zl management module",
"version": null
},
{
"model": "id116as04p",
"scope": null,
"trust": 0.2,
"vendor": "procurve switch 5400zl management module",
"version": null
},
{
"model": "id117as00h",
"scope": null,
"trust": 0.2,
"vendor": "procurve switch 5400zl management module",
"version": null
},
{
"model": "id126as0fb",
"scope": null,
"trust": 0.2,
"vendor": "procurve switch 5400zl management module",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5406 44g poe 4sfpzl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5406 48gzl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5406zl 44g poe 2xg sfp v2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5406zl 44g poe 4g sfp v2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5412 92g poe 4sfpzl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5412 96gzl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5412zl 92g poe 4g sfp v2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch 5412zl 92gg poe 2xg sfp v2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch chassis e5406zl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch chassis e5412zl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch e5406zl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "procurve switch e5412zl",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "BID",
"id": "52990"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hp:procurve_switch_5400zl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "BID",
"id": "52990"
},
{
"db": "PACKETSTORM",
"id": "111785"
},
{
"db": "PACKETSTORM",
"id": "112293"
}
],
"trust": 0.5
},
"cve": "CVE-2012-0133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "CVE-2012-0133",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "VHN-53414",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0133",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-0133",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-209",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-53414",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-53414"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. The HP ProCurve 5400 zl Switch is a network switch developed by Hewlett-Packard. Some flash cards distributed by the switch have malware, which can infect the user\u0027s system if the user connects to the flash card. \nAttackers can exploit this issue to infect a users\u0027s system. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nHP ProCurve 5400 zl Switch Malware Infected Compact Flash Card\n\nSECUNIA ADVISORY ID:\nSA48738\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48738/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48738\n\nRELEASE DATE:\n2012-04-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48738/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48738/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48738\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in the HP ProCurve 5400 zl Switch,\nwhich can be exploited by malicious people to compromise a users\u0027s\nsystem. \n\nPlease see the vendor\u0027s advisory for a list of affected models and\nserial numbers. \n\nSOLUTION:\nApply the vendor workaround (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03249176\nVersion: 2\n\nHPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2012-04-26\nLast Updated: 2012-04-26\n\nPotential Security Impact: Local compromise of system integrity\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system\u0027s integrity. \n\nReferences: CVE-2012-0133\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This script will delete the fi(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network. \n\nHardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime. \n\nSoftware Update Option (recommended) : The following Early Availability software update K.15.08.00007 is available which will automatically delete the malware trojan contents on the compact flash card if present. The software update also contains many other features and functionality enhancements for the switch. Note that updating the switch software should always be done with care and with an analysis of any potential impacts. Please refer to the release notes provided with the software update location below. \n\nFor Options 1 or 2, please contact HP support:\n\nFor customers with an HP Passport account, a web case can be submitted here: https://h10145.www1.hp.com/help/help_questions.aspx?l2id=48\u0026SelectedTab=3\n\nTo talk to HP support directly, worldwide telephone numbers are available here: https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2\u0026SelectedTab=2\n\nFor Option 3, the Early Availability software update K.15.08.00007 is available here:\n\nhttps://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9533A\n\nThe release notes for K.15.08.00007 is available here:\n\nhttp://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c03277372/c03277372.pdf\n\nHISTORY\nVersion:1 (rev.1) - 10 April 2012 Initial Release\nVersion:2 (rev.2) - 26 April 2012 Updated case details and solution choices\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk+ZqmwACgkQ4B86/C0qfVk3EQCdELKvAW0sFV2DNpCn1cajRwTJ\n0GAAoJfBY3H5ZeO9qRZvSu5lD933i78M\n=40Tv\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0133"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "BID",
"id": "52990"
},
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-53414"
},
{
"db": "PACKETSTORM",
"id": "111777"
},
{
"db": "PACKETSTORM",
"id": "111785"
},
{
"db": "PACKETSTORM",
"id": "112293"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-53414",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53414"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0133",
"trust": 3.8
},
{
"db": "SECUNIA",
"id": "48738",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1026916",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-1862",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064",
"trust": 0.8
},
{
"db": "HP",
"id": "HPSBPV02754",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT100803",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19505",
"trust": 0.6
},
{
"db": "BID",
"id": "52990",
"trust": 0.4
},
{
"db": "IVD",
"id": "F34B8A14-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "111785",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112293",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-53414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111777",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "VULHUB",
"id": "VHN-53414"
},
{
"db": "BID",
"id": "52990"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "PACKETSTORM",
"id": "111777"
},
{
"db": "PACKETSTORM",
"id": "111785"
},
{
"db": "PACKETSTORM",
"id": "112293"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"id": "VAR-201204-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "VULHUB",
"id": "VHN-53414"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
}
]
},
"last_update_date": "2025-04-11T23:04:14.259000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBPV02754 SSRT100803",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176"
},
{
"title": "Patch for HP ProCurve 5400 zl Switch malware infected flash card vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/15733"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/archive/1/522288"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48738"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1026916"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74819"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0133"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0133"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/48738/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19505"
},
{
"trust": 0.4,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03249176"
},
{
"trust": 0.3,
"url": "http://h17007.www1.hp.com/us/en/products/switches/hp_5400_zl_switch_series/index.aspx"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hzfgyw..t.zjl4.6xk6.bw89mq%5f%5fdklqfsw0"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0133"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://h10145.www1.hp.com/help/help_contactinfo.aspx?cwp=2\u0026selectedtab=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48738"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48738/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://bizsupport1.austin.hp.com/bc/docs/support/supportmanual/c03277372/c03277372.pdf"
},
{
"trust": 0.1,
"url": "https://h10145.www1.hp.com/downloads/softwarereleases.aspx?productnumber=j9533a"
},
{
"trust": 0.1,
"url": "https://h10145.www1.hp.com/help/help_questions.aspx?l2id=48\u0026selectedtab=3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "VULHUB",
"id": "VHN-53414"
},
{
"db": "BID",
"id": "52990"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "PACKETSTORM",
"id": "111777"
},
{
"db": "PACKETSTORM",
"id": "111785"
},
{
"db": "PACKETSTORM",
"id": "112293"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"db": "VULHUB",
"id": "VHN-53414"
},
{
"db": "BID",
"id": "52990"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"db": "PACKETSTORM",
"id": "111777"
},
{
"db": "PACKETSTORM",
"id": "111785"
},
{
"db": "PACKETSTORM",
"id": "112293"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-13T00:00:00",
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"date": "2012-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-53414"
},
{
"date": "2012-04-10T00:00:00",
"db": "BID",
"id": "52990"
},
{
"date": "2012-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"date": "2012-04-11T07:10:18",
"db": "PACKETSTORM",
"id": "111777"
},
{
"date": "2012-04-12T03:19:35",
"db": "PACKETSTORM",
"id": "111785"
},
{
"date": "2012-04-27T20:33:39",
"db": "PACKETSTORM",
"id": "112293"
},
{
"date": "2012-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"date": "2012-04-12T10:45:14.080000",
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1862"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-53414"
},
{
"date": "2012-04-10T00:00:00",
"db": "BID",
"id": "52990"
},
{
"date": "2012-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002064"
},
{
"date": "2012-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-209"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-0133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "52990"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP ProCurve 5400 zl Switch Malware infected flash card vulnerability",
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "f34b8a14-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-209"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.