HP Issues Firmware Updates for Printer Product Vulnerabilities

  /     /     /  
Publicated : 23/11/2024   Category : security


HP Issues Firmware Updates for Printer Product Vulnerabilities


More than 150 HP printer models have bugs that could enable attackers to steal data and gain an initial foothold on enterprise networks.



HP Inc. has issued firmware updates for multiple security vulnerabilities that affect more than 150 models of its multifunction printer (MFP) products.
These issues are not particularly easy to exploit. However, they present a threat to enterprise organizations because they give attackers a means to steal data and gain a foothold on a network, according to F-Secure researchers who discovered the bugs and reported them to HP in April 2021.
The flaws are also dangerous because forensic tools are not typically capable of recovering evidence from multifunction printers. An attacker who wanted to maintain stealth could exploit the flaws and leave very little evidence behind, F-Secure said.
The bugs have been assigned two vulnerability identifiers:
CVE-2021-39237
 is a single identifier for two exposed physical ports and
CVE-2021-39238
for two different font parsing flaws. HP products that contain the vulnerabilities include models of the companys HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
In advisories announcing patch availability, HP
described
one of the vulnerabilities (CVE-2021-39238) as a critical buffer overflow issue and the
other
(CVE-2021-39237) as a high-severity information disclosure vulnerability that could be exploited only by someone with physical access to the device. 
Customers concerned about potential physical attacks should follow the recommendation in the product user guide to use a Kensington-style lock to protect against these and other potential types of physical attacks on HP printers, the company said.
HP is one of the largest printer makers in the world.
IDC
earlier this year estimated HP currently owns 41% of the worldwide market for hard-copy peripherals, a category that includes single and multifunction printers and digital copiers.
In a blog post on Tuesday,
F-Secure said
 attackers could exploit these flaws to take control of vulnerable HP multifunction printers or steal any information that is either run or cached on the devices. Data at risk includes any documents that are printed, scanned, or faxed using a vulnerable device. Also at risk are login credentials such as usernames and passwords that might connect a vulnerable device to the rest of the enterprise network. In addition, attackers could leverage the flaws to gain an initial foothold on a vulnerable network, the security vendor warned.
F-Secure said the flaws can be exploited in multiple ways. This includes printing from USB drives, using social engineering to convince a user to print a malicious document, embedding an exploit for the font-parsing flaws in a PDF, or connecting directly to the physical LAN port and printing.
The vulnerabilities exist in the font parser and communications board of affected HP printers. The font parser flaws can be exploited remotely and are wormable, meaning an attacker could create malware capable of replicating itself on vulnerable printers across an enterprise network. Bugs in the communication board, meanwhile, can be exploited only by someone with physical access to the device.
F-Secures investigation found skilled attackers could likely exploit the bugs relatively easily. The vendor found the vulnerabilities involving physical ports, for instance, could be exploited in a little over five minutes, while the font parser flaws could be leveraged in seconds. However, the vulnerabilities arent easy to find or to exploit for unskilled threat actors. The fact that physical access is required to exploit one set of bugs presents another major challenge for attackers. Even so, large organizations in critical sectors and those at risk of targeted attacks should consider the bugs as realistic attack vectors and protect themselves, the security vendor said.
For security teams at organizations with the affected HP products, this is yet another time they are forced to address a significant threat in the printer environment this year.
In June and July, many organizations had to rush to patch vulnerabilities in Microsofts infamously buggy Windows Print Spooler service. One of the vulnerabilities in particular — called
PrintNightmare
 — sparked widespread concern because it was remotely exploitable, present in all Windows versions, and gave attackers a way to gain highly privileged access to critical systems, including domain controllers. However, those flaws, while present in a printer service, existed in the operating system itself and not on the printers themselves, as is the case with the newly patched HP printer flaws.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
HP Issues Firmware Updates for Printer Product Vulnerabilities