Detecting an 8-year-old security flaw, affecting 150 HP printer models
Researchers have discovered several security vulnerabilities affecting at least 150 models of HP multifunction printers (print, scan, fax).
According to researchers Alexander Bolshev and Timo Hirvonen of F-Secure, these vulnerabilities have existed since 2013, so if exploited, many users would have been attacked.
HP has released patches for the security holes by updating the firmware. The two most critical security vulnerabilities were patched on November 1, 2021.
These two vulnerabilities are tracked under the codes CVE-2021-39237 and CVE-2021-39238. The first vulnerability concerns two exposed physical ports that give full access to the device. To exploit, hackers need physical access to the device and potentially steal information.
The second vulnerability causes a buffer overflow on the font parser. With a score of 9.3, this is a very serious problem. If the exploit is successful, the hacker can execute the code remotely.
CVE-2021-39238 is also a "wormable" vulnerability so an attacker could spread the exploit from one printer to the entire network.
Therefore, agencies and organizations should upgrade printer firmware immediately to avoid system-wide attacks.
There are different exploits that hackers can use:
- Print from a USB drive
- Trick someone into printing a malicious document
- Print by connecting directly to a physical LAN port
- Print from another device that the hacker is controlling in the same network segment
- Cross-Page Printing (XSP)
- Direct attack through exposed UART port
It only takes a few seconds to exploit the CVE-2021-39238 vulnerability while a skilled hacker can create a devastating attack based on the CVE-2021-39237 vulnerability in less than 5 minutes.
The good news is that F-Scure has never discovered anyone using these vulnerabilities in attacks. According to HP, the company always monitors security and appreciates the reports of security experts.
In addition to updating firmware, IT admins can do the following to reduce risk:
- Turn off printing from USB
- Put the printer in a separate VLAN behind the firewall
- Only allow outgoing connections from the printer to a specific address list
- Set up a dedicated print server for communication between the workstation and the printer
HP's notes show that even without a firmware update, if appropriate network segmentation methods are followed, the chance of damage due to the two vulnerabilities mentioned above will be significantly reduced.l
You should read it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks
- If you hack HP's printer, you will receive $ 10,000
- Detect a rare vulnerability that causes problems with the printer on Windows 10
- How to share a printer via LAN
- The best 3D printers 2019
- Inkjet (inkjet) and laser printers: Which type is right for you?
- How to fix offline errors of printers on Windows 10
- How to add a printer on Windows 11
- The printer has ink smudges - Causes and ways to fix the printer ink smudge error
- Select the location of the printer in the office
- How to fix Windows errors not connected to the printer
Maybe you are interested
Enable or disable Secure Boot via the ASUS UEFI BIOS utility How to temporarily lock the computer when entering the wrong password many times How to Add a Password to a .Bat File How to use ASCII characters to create strong passwords How to prevent DDoS attack with Nginx Techniques to exploit buffer overflows: Organize memory, stack, call functions, shellcode