To safeguard their machines from significant security issues, HP printer users should update their firmware.
About 150 HP printer models, including the HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide,
HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series, have major vulnerabilities, according to F-Secure researchers.
The bug, known as “Printing Shellz,” is made up of two different flaws that allow attackers to acquire your personal information.
The fault is in the communication board and font parser of the printers.
When this vulnerability is exploited, an attacker can acquire code execution rights and steal data from the printer or use the system to launch additional attacks.
The more dangerous of the vulnerabilities, CVE-2021-39238 (CVSS score of 9.3), is a wormable buffer overflow flaw that can infect other unprotected multi-function printers.
Furthermore, the issue can be exploited remotely by luring a victim to a malicious website and transmitting an exploit payload from the browser to the printer,
a technique known as cross-site printing.
There’s some good news before you go Office Space on your HP. F-Secure delivered patches to limit the danger just a few months after disclosing the weaknesses to HP in April.
Customers should go to the HP Software and Driver Downloads page and look for their individual printer model to install the patch,
according to HP. So far, there hasn’t been any indication of the vulnerabilities being exploited in the wild.
According to the researchers, “any businesses employing impacted devices should apply the updates as soon as they’re released.”
“While exploiting these flaws is challenging, exposing them to the public will help threat actors know what to search for when attacking vulnerable businesses.”
It’s also worth mentioning that the second vulnerability, CVE-2021-39237 (CVSS score of 7.1), is triggered by unprotected ports, which means that an attack requires physical access.
This can be accomplished by connecting to the printer’s Ethernet port or using a USB stick. The option to print from a USB should be removed, according to F-Secure.
Malware is commonly associated with laptops, desktops, and financial services, but printers are also a popular target for hackers.
In 2017, researchers uncovered a collection of vulnerabilities in at least 20 network printer models manufactured by well-known brands, including HP.
Microsoft also provided an emergency patch earlier this year for a major problem known as “PrintNightmare” that allowed attackers to install malicious code.
Let this serve as a reminder to always keep your electronics up to date, since even seemingly benign technology strewn around your home may become a target for a cyber assault.