Earlier this week, HP’s Software Security Response Team issued a security bulletin, alerting users that certain HP ProCurve 5400 zl switches were shipped with malware installed on the associated compact flash cards. No details were given about the type of malware shipped to unaware customers.
More details on the affected switches, including their serial numbers:
A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system’s integrity.
Affected switches and their associated serial numbers are as follows:
- J9532A 5412zl-92GG-PoE+ / 2XG SFP+ v2 Switch
- J9533A 5406zl-44G-PoE+ / 2XG SFP+ v2 Switch
- J9539A 5406zl-44G-PoE+ / 4G SFP v2 Switch
- J9540A 5412zl-92G-PoE+ / 4G SFP v2 Switch
- J9642A HP E5406 zl Switch with Premium Software
- J9643A HP E5412 zl Switch with Premium Software
- J8697A HP E5406 zl Switch Chassis
- J8698A HP E5412 zl Switch Chassis
- J8699A – HP 5406-48G zl Switch
- J8700A – HP 5412-96G zl Switch
- J9447A – HP 5406-44G-PoE+-4SFP zl Switch
- J9448A – HP 5412-92G-PoE+-4SFP zl Switch
- J8726A Management Module in the 5400 series zl switch with the following serial numbers: ID116AS04P through ID116AS0HR; ID117AS00H through ID126AS0FB
Serial numbers of the affected HP switches:
HP isn’t the first company to ship Certified Pre-Owned (CPO) hardware. Moreover, in 2008, the company once again shipped hardware with malicious software — W32.Fakerecy and W32.SillyFDC — on it, this time it was infected 256K / 1GB USB Drives.
These incidents are the result of a flawed quality assurance process, allowing cybercriminals an even deeper penetration in a company’s supply chain.
End and corporate users are advised to check whether their HP switch is malware-infected, and to follow the steps presented in the security bulletin in order to mitigate the risk posed by the infected compact flash cards.