8-year-old HP printer vulnerability impacts 150 printer models


Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.
Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they have likely exposed a large number of users to cyberattacks for a notable amount of time.
HP released fixes in the form of firmware updates for two of the most critical flaws on November 1, 2021.
These are CVE-2021-39237 and CVE-2021-39238. For a complete list of the affected products, see the advisory for each tracking number.
The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure.
The second is a buffer overflow vulnerability in the font parser, which is much more severe, with a CVSS score of 9.3. Exploiting it gives threat actors a way to achieve remote code execution.
CVE-2021-39238 is also “wormable,” meaning a threat actor could quickly spread from a single printer to an entire network.
As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.
Multiple potential vectors
F-Secure’s Bolshev and Hirvonen used an HP M725z multi-function printer (MFP) unit as their testbed to discover the above flaws.
After they reported their findings to HP on April 29, 2021, the company found that, unfortunately, many other models were also affected.
As the researchers explain in F-Secure’s report, there are several ways to exploit the two flaws, including:
Printing from USB drives, which is what was used during the research too. In modern firmware versions, printing from USB is disabled by default.
Social engineering a user into printing a malicious document. It may be possible to embed an exploit for the font-parsing vulnerabilities in a PDF.
Printing by connecting directly to the physical LAN port.
Printing from another device that is under the attacker’s control and in the same network segment.
Cross-site printing (XSP): sending the exploit to the printer directly from the browser using an HTTP POST to JetDirect port 9100/TCP. This is probably the most attractive attack vector.
Direct attack via the exposed UART ports mentioned in CVE-2021-39237, if the attacker has physical access to the device for a short time.

Figure: One of the attack flows for CVE-2021-39238. Source: F-Secure
Exploiting CVE-2021-39238 would take a few seconds, whereas a skilled attacker could launch a catastrophic attack based on CVE-2021-39237 in under five minutes.
However, it would require some skills and knowledge, at least during this first period when not many technical details are public.
Also, even if printers themselves aren’t ideal for proactive security examination, admins can detect these attacks by monitoring network traffic and looking into the logs.
Finally, F-Secure points out that they have seen no evidence of anyone using these vulnerabilities in actual attacks. Hence, the F-Secure researchers were likely the first to spot them.
An HP spokesperson has shared the following comment with Bleeping Computer:

HP constantly monitors the security landscape and we value work that helps identify new potential threats. We have published a security bulletin for this potential vulnerability here. The security of our customers is a top priority and we encourage them to always stay vigilant and to keep their systems up to date.

Mitigation methods
Apart from upgrading the firmware on the affected devices, admins can follow these guidelines to mitigate the risk of the flaws:
Disable printing from USB
Place the printer into a separate VLAN sitting behind a firewall
Only allow outbound connections from the printer to a specific list of addresses
Set up a dedicated print server for the communication between workstations and the printers
The last point underlines that even without the fixing patches, if proper network segmentation practices are followed, the chances of suffering damage from network intruders drop significantly.
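The segmentation guidelines above, together with the network-monitoring advice, can be checked against flow records. The following is an added example, not code from F-Secure, HP or the original article: the addresses, the policy values, the finding names and the `first_bytes` field (the first payload bytes of a flow, as an IDS or packet capture might supply) are all constructed assumptions. Treating an HTTP request line on port 9100 as a cross-site printing indicator is a heuristic.

```python
import ipaddress

# Assumed site policy; every address here is a constructed placeholder.
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.10.5")
PRINTER_EGRESS_ALLOW = {PRINT_SERVER, ipaddress.ip_address("10.20.10.53")}
JETDIRECT_PORT = 9100
# Raw print jobs normally open with PJL/PCL/PostScript, not an HTTP verb.
HTTP_VERBS = (b"POST ", b"GET ", b"PUT ", b"HEAD ", b"OPTIONS ")

def audit_flow(src, dst, dport, first_bytes=b""):
    """Return the policy findings for one flow record (empty list if clean)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    findings = []
    if dst in PRINTER_VLAN and dport == JETDIRECT_PORT:
        # Only the dedicated print server should talk to 9100/TCP.
        if src != PRINT_SERVER:
            findings.append("raw-print-not-from-print-server")
        # Browser-originated traffic (cross-site printing) starts with HTTP.
        if first_bytes.startswith(HTTP_VERBS):
            findings.append("http-request-on-jetdirect")
    # Printers may only open connections to the allowlisted addresses;
    # this also catches printer-to-printer traffic, relevant to a worm.
    if src in PRINTER_VLAN and dst not in PRINTER_EGRESS_ALLOW:
        findings.append("printer-egress-not-allowlisted")
    return findings

# Constructed sample flows: (source, destination, destination port, payload start)
SAMPLE_FLOWS = [
    ("10.20.10.5", "10.20.30.11", 9100, b"\x1b%-12345X@PJL JOB\r\n"),    # print server job
    ("10.20.40.77", "10.20.30.11", 9100, b"POST / HTTP/1.1\r\nHost:"),  # workstation browser
    ("10.20.30.11", "10.20.30.12", 9100, b"\x1b%-12345X@PJL JOB\r\n"),  # printer to printer
    ("10.20.30.11", "203.0.113.9", 443, b""),                           # printer to internet
    ("10.20.30.11", "10.20.10.53", 53, b""),                            # allowlisted resolver
]

def audit(flows):
    """Map the index of each offending flow to its findings."""
    return {i: f for i, flow in enumerate(flows) if (f := audit_flow(*flow))}

if __name__ == "__main__":
    for index, findings in audit(SAMPLE_FLOWS).items():
        print(SAMPLE_FLOWS[index][:3], findings)
```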
A detailed guide on the best practices for securing your printer is available in HP’s technical paper. You can also watch a video demo of how this HP printer vulnerability can be exploited below.
