HP ProCurve 5400 zl Switches 'compact Flash card' Security Vulnerability

Release date: 2012-04-10
Updated on: 2012-04-28

Affected Systems:
HP E5412 zl Switch
HP E5406 zl Switch
HP Management Module 5400 series zl switch J8726A
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52990
Cve id: CVE-2012-0133

HP ProCurve Switch is an enterprise-level network Switch.

HP ProCurve 5400 zl Switches has a security vulnerability in implementation. If a vswitch is connected to a virus-infected flash card, attackers can exploit this vulnerability to affect user systems and execute arbitrary code.

Affected Versions: HP Management Module 5400 series zl switch J8726A
HP E5412 zl Switch with Premium Software J9643A
HP E5412 zl Switch Chassis J8698A
HP E5406 zl Switch with Premium Software J9642A
HP E5406 zl Switch Chassis J8697A
HP 5412zl-92GG-PoE +/2XG SFP + v2 Switch J9532A
HP 5412zl-92G-PoE +/4g sfp v2 Switch J9540A
HP 5412-96G zl Switch J8700A
HP 5412-92G-PoE +-4SFP zl Switch J9448A
HP 5406zl-44G-PoE +/4g sfp v2 Switch J9539A
HP 5406zl-44G-PoE +/2XG SFP + v2 Switch J9533A
HP 5406-48G zl Switch J8699A
HP 5406-44G-PoE +-4SFP zl Switch J9447A

<* Source: HP

Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp? ObjectID = c03249176
Http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay? DocId = emr_na-c03249176 & ac. admitted = 1335578862158.876444892.109883150
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

HP
--
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://itrc.hp.com