Hackers can remotely exploit bug in HP PCs, Laptops and Tablets

[Batu69]

HP PCs/Laptops and Notebooks LTE Module vulnerable to remote code execution flaw

The HP PCs/Laptops and Notebooks which have HP lt4112 LTE/HSPA+ Gobi 4G Module onboard, have been found to have critical vulnerabilities which can be exploited by potential hackers to remotely execute arbitrary code.

The vulnerabilities have been assigned following numbers :

CVE-2015-5367
CVE-2015-5368
SSRT101965

The vulnerability listed under CVE-2015-5367 allows a potential attacker to exploit this flaw to obtain the root permission, access the system by connecting the serial port, and view or modify configuration. The upgrade package of the HP lt4112 LTE/HSPA+ Gobi 4G wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking.

The module provides a debugging serial port at the rear for troubleshooting, opening a way for physical cracking by hackers. The hackers can connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module.

While the CVE-2015-5368 allows an attacker to tamper with the upgrade package, leading to an upgrade failure or the upgrade of an incorrect package. As a result, services may become unavailable.

This module implements upgrade check using CRC16, which is insecure. Much study is done for reversely cracking this algorithm. Hackers may change or add a code segment to the upgrade file, recalculate a CRC value, and tamper with the firmware of this module through CRC check during upgrade.

The vulnerabilities exists in the HP lt4112 LTE/HSPA+ Gobi 4G Module which is used by HP PCs/Laptops and Notebooks to connect the users to 3G/4G/LTE radios.

According the the listing, the following HP PCs/Laptops and Notebooks are vulnerable to this flaw :

HP EliteBook 725 G2
HP EliteBook 745 G1
HP EliteBook 755 G2
HP EliteBook 820 G1
HP EliteBook 820 G2
HP EliteBook 840 G1
HP EliteBook 840 G2
HP EliteBook 850 G1
HP EliteBook 850 G2
HP EliteBook 1040 G1
HP EliteBook 1040 G2
HP EliteBook Folio 9470m
HP EliteBook Revolve 810 G2
HP EliteBook Revolve 810 G3
HP ElitePad 1000 G2
HP Elite x2 1011 G2
HP ProBook 430 G1
HP ProBook 430 G2
HP ProBook 440 G0
HP ProBook 440 G1
HP ProBook 440 G2
HP ProBook 450 G0
HP ProBook 450 G1
HP ProBook 450 G2
HP ProBook 640 G1
HP ProBook 645 G1
HP ProBook 650 G1
HP ProBook 655 G1
HP Pro x2 612 G1
HP Spectre x2 13-SMB Pro
HP ZBook 14
HP ZBook 14 G2
HP ZBook 15
HP ZBook 15 G2
HP ZBook 15u HP ZBook 17
HP Zbook 17 G2
mt41 Thin Client

Users of above HP products are advised to update their firmware following the below method

To acquire the firmware updates, go to hp.com

1. Select “Support” and then “Download Drivers”
2. Enter your product name or number in the “Find my product” field.
3. Choose the product from the returned search
4. Choose the operating system
5. Under the Download Index, select “Firmware”, and download the 12.500.00.15.1803 firmware or later (HP Softpaq # SP72435 or later). Follow the installation instructions to install the firmware update.

Resource : HP Software Security Response Team

Article source

[straycat19]

The hackers can connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module.

This isn't remote, this requires access to the system.

[knowledge-Spammer]

The hackers can connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module.

This isn't remote, this requires access to the system.

still bad