Nov 30, 2021
93 Views
0 0

8-year-old HP printer vulnerability affects 150 printer models

Written by

Panasonic discloses data breach after network hack
IKEA email systems hit by ongoing cyberattack
APT37 targets journalists with Chinotto multi-platform malware
Stealthy WIRTE hackers target governments in the Middle East
Finland warns of Flubot malware heavily targeting Android users
Smartwatches for children are a privacy and security nightmare
Give the gift of learning a new language with this subscription
EwDoor botnet targets AT&T network edge devices at US firms
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
8-year-old HP printer vulnerability affects 150 printer models
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.
Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time.
HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021.
These are CVE-2021-39237 and CVE-2021-39238. For a complete list of the affected products, click on the tracking numbers for the corresponding advisories.
The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure.
The second one is a buffer overflow vulnerability on the font parser, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.
CVE-2021-39238 is also “wormable,” meaning a threat actor could quickly spread from a single printer to an entire network.
As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.
F-Secure’s Bolshev and Hirvonen used an HP M725z multi-function printer (MFP) unit as their testbed to discover the above flaws.
After they reported their findings to HP on April 29, 2021, the company found that, unfortunately, many other models were also affected.
As the researchers explain in F-Secure’s report, there are several ways to exploit the two flaws, including:
To exploit CVE-2021-39238, it would take a few seconds, whereas a skilled attacker could launch a catastrophic assault based on the CVE-2021-39237 in under five minutes.
However, it would require some skills and knowledge, at least during this first period when not many technical details are public.
Also, even if printers themselves aren’t ideal for proactive security examination, they can detect these attacks by monitoring network traffic and looking into the logs.
Finally, F-Secure points out that they have seen no evidence of anyone using these vulnerabilities in actual attacks. Hence, the F-Secure researchers were likely the first to spot them.
An HP spokesperson has shared the following comment with Bleeping Computer:
HP constantly monitors the security landscape and we value work that helps identify new potential threats. We have published a security bulletin for this potential vulnerability here. The security of our customers is a top priority and we encourage them to always stay vigilant and to keep their systems up to date.
Apart from upgrading the firmware on the affected devices, admins can follow these guidelines to mitigate the risk of the flaws:
The last point underlines that even without fixing patches if proper network segmentation practices are followed the chances of suffering damage from network intruders drop significantly.
A detailed guide on the best practices for securing your printer is available in HP’s technical paper. You can also watch a video demo of how this HP printer vulnerability can be exploited below.
Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
Sitecore XP RCE flaw patched last month now actively exploited
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021
Over 30,000 GitLab servers still unpatched against critical bug
>Place the printer into a separate VLAN sitting behind a firewall
>Only allow outbound connections from the printer to a specific list of addresses

I would have happily done that anyway if my router let me. Sadly it's quite hard to get a good feature-rich OpenWRT compatible router for a solid price and simply buging a RPi4 and turning it into one might end up being cheaper. If it weren't for RPi4 prices going through the roof this year. There doesn't even seem to be a comparison of solid OpenWRT compatible router anywhere.
Not a member yet? Register Now
Customize the Windows 11 experience with these free apps
Panasonic discloses data breach after network hack
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

Article Categories:
Cybersecurity News

Comments are closed.