Jetdirect Print Servers offer an Access Control List that can be used to specify which hosts can make SNMP configuration changes to Jetdirect Print Servers.
The steps above can help prevent exploitation of the vulnerability.
The latest firmware revision available for download is given.
For example, the latest firmware revision for the J3110A is G.08.32.
Also makesure that any error messages are cleared from the control-panel display.
Note Before upgrading the firmware, make sure that the MFP is not in Sleep mode. If power is lostduring the flash DIMM update (while the Performing Upgrade message appears on thecontrol-panel display), the update is interrupted and the message Resend Upgrade appears(in English only) on the control-panel display. In this case, you must send the upgrade byusing the parallel port. For customers with vulnerable versions (X.08.32 and lower, where X = A through K), HP has released the following workaround for the HP Jet Direct firmware and is working on a firmware fix: Change the set-community-name and use the Access Control List as described in "HP Jetdirect Print Servers - Making HP Jetdirect Print Servers Secure on the Network": To limit the vulnerability, HP has the following recommendations: SNMPv1 security relies on the set community name.It is important that a set-community-name be configured on the Jetdirect device and that it be kept secret.To upgrade the firmware on a network connection by using FTP 1. Take note of the IP address on the HP Jetdirect page. For example, if the TCP/IP address is 192.168.0.90, type ftp 192.168.0.90 . The I/O transfer time depends on a number of things,including the speed of the host computer that is sending the update. The message 200 Types set to I, Using binary mode to transfer files appears in the command window. 170 Chapter 9 Managing and maintaining the MFP ENWW Using HP Web Jetadmin to upgrade the firmware This procedure requires that you install HP Web Jetadmin Version 7.0 or later on yourcomputer. Complete the following steps to update a single device through HP Web Jetadmin after downloading the . If the remote firmwareupdate process is interrupted before the firmware is downloaded (while Receiving Upgradeappears on the control-panel display), the firmware file must be sent again. Update the firmware to the highest level as described in the Jetdirect Upgrade Instructions document: Disabling SNMP may affect device discovery and port monitors that use SNMP to get status on the device. HP always recommends upgrading Jetdirect firmware for the latest bug fixes and security benefits.The upgrade firmware and download utility are available free of charge: following is a list of Jet Direct Product Numbers that can be freely upgraded to X.08.32 or X.21.00 or higher firmware.