HP warns of switches shipped with malware
HP published a security bulletin this week warning that select models of its HP ProCurve 5400 zl switches could be the carriers of malware. The switches include compact flash cards that may be infected with a virus. If the flash card were to be used in a computer, that could result in the PC being infected.
HP is offering two resolution paths for this security bulletin.
- Software Purge Option : HP provides a script that is run by the switch manager using the ‘show tech custom’ command. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.
- Hardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.
The security bulletin offers a list of possible serials numbers for switches purchased since April 30th, 2011 that may contain the malware. If you own the possible hardware, you can contact HP support for direct assistance acquiring the software purge script or the hardware replacement option at https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2&SelectedTab=2