HP Releases ProCurve 5400 zl Switches Security Bulletin

Friday, April 13, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

US-CERT reports that Hewlett-Packard (HP) has released a security bulletin to address a security vulnerability affecting HP 5400 zl series switches. The switches contain a compact flash card that may be infected with malware.

According to the HP bulletin, "A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity."

The affected products purchased after April 30, 2011 and serial numbers are as follows:

  • J9532A 5412zl-92GG-PoE+ / 2XG SFP+ v2 Switch
  • J9533A 5406zl-44G-PoE+ / 2XG SFP+ v2 Switch
  • J9539A 5406zl-44G-PoE+ / 4G SFP v2 Switch
  • J9540A 5412zl-92G-PoE+ / 4G SFP v2 Switch
  • J9642A HP E5406 zl Switch with Premium Software
  • J9643A HP E5412 zl Switch with Premium Software
  • J8697A HP E5406 zl Switch Chassis
  • J8698A HP E5412 zl Switch Chassis
  • J8699A - HP 5406-48G zl Switch
  • J8700A - HP 5412-96G zl Switch
  • J9447A - HP 5406-44G-PoE+-4SFP zl Switch
  • J9448A - HP 5412-92G-PoE+-4SFP zl Switch
  • J8726A Management Module in the 5400 series zl switch with the following serial numbers:
    • ID116AS04P through ID116AS0HR
    • ID117AS00H through ID126AS0FB

Serial numbers:

  • ID030AS0MZ
  • ID034AS0QP
  • ID049AS0D4
  • ID051AS074
  • ID104AS06S
  • ID110AS0B6
  • ID113AS0HH
  • ID113AS0K2
  • ID113AS0KM
  • ID114AS00V
  • ID114AS02F
  • ID114AS03D
  • ID114AS08N
  • ID114AS0C8
  • ID115AS08P
  • ID115AS097
  • ID115AS0BL

HP advises that the vulnerability can be resolved by either of the two following options:

  1. Software Purge Option : HP provides a script that is run by the switch manager using the ‘show tech custom’ command. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.

  2. Hardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.

Please contact HP support for direct assistance acquiring the software purge script or the hardware replacement option: https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2&SelectedTab=2

The full HP bulletin can be found here:

Source: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_&ac.admitted=1334254140544.876444892.199480143

Possibly Related Articles:
13691
Network->General
malware Vulnerabilities Headlines Hewlett Packard Mitigation infection Advisory ProCurve 5400 zl Switches Flash Card
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.