HP Switches Shipped w/Malware

HP is warning customers that some of its ProCurve switches were shipped recently with compact flash cards infected with malware. The company said that a number of software versions in the ProCurve 5400 switch were affected, and that PCs could be become infected by the malware under some conditions.

HP did not provide details on which piece of malware was included on the switches or what the program is capable of doing. However, the company is encouraging customers to address the issue immediately. They suggest that customers either use a software script that will remove the malware from the flash card or opt for a hardware replacement through which HP will ship out a new module to replace the infected one.

“A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system’s integrity,” HP said in its advisory.

The list of software versions affected by the malware infection are:

  • J9532A 5412zl-92GG-PoE+ / 2XG SFP+ v2 Switch
  • J9533A 5406zl-44G-PoE+ / 2XG SFP+ v2 Switch
  • J9539A 5406zl-44G-PoE+ / 4G SFP v2 Switch
  • J9540A 5412zl-92G-PoE+ / 4G SFP v2 Switch
  • J9642A HP E5406 zl Switch with Premium Software
  • J9643A HP E5412 zl Switch with Premium Software
  • J8697A HP E5406 zl Switch Chassis
  • J8698A HP E5412 zl Switch Chassis
  • J8699A – HP 5406-48G zl Switch
  • J8700A – HP 5412-96G zl Switch
  • J9447A – HP 5406-44G-PoE+-4SFP zl Switch
  • J9448A – HP 5412-92G-PoE+-4SFP zl Switch
  • J8726A Management Module in the 5400 series zl switch with the following serial numbers:
    • ID116AS04P through ID116AS0HR
    • ID117AS00H through ID126AS0FB

HP warned customers that re-using the infected compact flash card from the switch in a desktop PC could result in the PC becoming infected by the malware, as well. The problem of hardware being shipped with malware already on it is not a new one. It’s been happening for several years now and malware has shown up in devices from digital picture frames to USB drives to CDs.