[ad_1]
Cybersecurity researchers on Tuesday disclosed a number of safety flaws affecting 150 totally different multifunction printers (MFPs) from HP Inc that may very well be probably abused by an adversary to take management of weak gadgets, pilfer delicate data, and infiltrate enterprise networks to mount different assaults.
The 2 weaknesses — collectively known as Printing Shellz — have been found and reported to HP by F-Safe Labs researchers Timo Hirvonen and Alexander Bolshev on April 29, 2021, prompting the PC maker to subject patches earlier this month —
- CVE-2021-39237 (CVSS rating: 7.1) – An data disclosure vulnerability impacting sure HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
- CVE-2021-39238 (CVSS rating: 9.3) – A buffer overflow vulnerability impacting sure HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed merchandise.
“The failings are within the unit’s communications board and font parser,” Hirvonen and Bolshev stated. “An attacker can exploit them to realize code execution rights, with the previous requiring bodily entry whereas the latter will be completed remotely. A profitable assault will permit an adversary to realize numerous goals, together with stealing data or utilizing the compromised machine as a beachhead for future assaults towards a corporation.”
CVE-2021-39238’s important severity score additionally stems from that the vulnerability is wormable, that means it may very well be exploited to self-propagate to different MFPs on the compromised community.
A hypothetical assault state of affairs might contain embedding an exploit for the font-parsing flaws in a malicious PDF doc after which social engineering the goal into printing the file. Alternatively, an worker from the sufferer group may very well be lured into visiting a rogue web site, within the course of sending the exploit to the weak MFP immediately from the net browser in what’s generally known as a cross-site printing assault.
“The web site would, mechanically, remotely print a doc containing a maliciously-crafted font on the weak MFP, giving the attacker code execution rights on the system,” the researchers stated.
Moreover imposing community segmentation and disabling printing from USB drives by default, it is extremely really useful for organizations utilizing the affected gadgets to put in the patches as quickly as they change into out there. “Whereas exploiting these points is considerably troublesome, the general public disclosure of those vulnerabilities will assist menace actors know what to search for to assault weak organizations,” Hirvonen and Bolshev stated.
[ad_2]
