Serious Security Vulnerability Discovered in Multiple HP Printer Models

On November 30, 2021, cybersecurity experts revealed significant security weaknesses affecting 150 different multifunction printers from HP Inc. These flaws, which have been present for eight years, can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, and infiltrate enterprise networks to execute further attacks.

The two vulnerabilities, termed Printing Shellz, were uncovered by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev and reported to HP on April 29, 2021. As a result, HP released patches earlier this month addressing the issues:

  • CVE-2021-39237 (CVSS Score: 7.1): An information disclosure vulnerability affecting specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.

  • CVE-2021-39238 (CVSS Score: 9.3): A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

Further details on the vulnerabilities are currently under review.

Severe Security Vulnerability Discovered in Multiple HP Printer Models

November 30, 2021

Cybersecurity experts have revealed the existence of longstanding security vulnerabilities that affect a substantial range of HP multifunction printers (MFPs). Specifically, these flaws, which have persisted for eight years, could allow malicious actors to gain control of affected devices, exfiltrate sensitive data, and compromise enterprise networks for further attacks. The two vulnerabilities, collectively known as Printing Shellz, were identified and reported by researchers Timo Hirvonen and Alexander Bolshev from F-Secure Labs on April 29, 2021. This prompted HP to issue patches to address these issues earlier this month.

The vulnerabilities are categorized under two Common Vulnerabilities and Exposures (CVEs). The first, CVE-2021-39237, has a CVSS score of 7.1 and pertains to an information disclosure vulnerability that impacts specific models within the HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed series. The second vulnerability, CVE-2021-39238, scored significantly higher at 9.3 and concerns a buffer overflow vulnerability affecting select HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

The implications of these vulnerabilities are particularly alarming for enterprises, as the flaws open avenues for unauthorized access to sensitive organizational data. Through these weaknesses, an adversary could employ various tactics associated with the MITRE ATT&CK framework. Initial access might be gained through exploitation of these vulnerabilities, while persistence could be achieved by maintaining access to the compromised devices for further exploitation. Moreover, privilege escalation techniques could allow attackers to elevate their access rights, enabling broader control over the network environment.

Organizations using the affected HP printer models are urged to implement the patches provided by HP as soon as possible to mitigate the risks. The potential for these vulnerabilities to facilitate data breaches and other malicious activities should not be underestimated, especially in environments that rely on the confidentiality and integrity of sensitive information.

As the cybersecurity landscape continues to evolve, it is critical for business owners to remain vigilant. Regular updates and patch management practices should be prioritized to address vulnerabilities promptly and defend against malicious tactics employed by adversaries. This incident underscores the necessity of understanding the frameworks of cybersecurity, such as MITRE ATT&CK, which can elucidate the tactics and techniques that may be leveraged in these types of attacks.

In sum, the discovery of these security flaws in HP printers serves as a crucial reminder of the ongoing challenges in cybersecurity. The need for proactive measures has never been more significant, as enterprises navigate the complexities of protecting sensitive information in an interconnected world.

Source link

Related Posts

CISA Issues Warning on Exploited Critical Vulnerability in Zoho ManageEngine ServiceDesk

On December 3, 2021, the FBI and CISA alerted the public about active exploitation of a newly patched vulnerability in Zoho’s ManageEngine ServiceDesk Plus. Identified as CVE-2021-44077 (CVSS score: 9.8), this flaw enables unauthenticated remote code execution in versions up to 11305. If unaddressed, it allows attackers to upload executable files and establish web shells for further malicious activities, such as compromising admin credentials, lateral movement, and exfiltrating sensitive information like registry hives and Active Directory files. Zoho also highlighted that a security misconfiguration in ServiceDesk Plus was the root cause of this issue.

Alert: New Zoho ManageEngine Vulnerability Actively Under Attack

December 4, 2021

Zoho has issued a warning regarding a newly patched critical vulnerability in its Desktop Central and Desktop Central MSP products, which is currently being exploited by cybercriminals. This marks the third security flaw in Zoho’s offerings found to be targeted in just four months. The vulnerability, identified as CVE-2021-44515, is an authentication bypass that enables attackers to bypass security measures and execute arbitrary code on the Desktop Central MSP server.

“If exploited, attackers can gain unauthorized access by sending a specially crafted request, resulting in remote code execution,” Zoho cautioned in its advisory. “Given the signs of active exploitation, we strongly recommend that customers update to the latest build immediately.” The company has also provided an Exploit Detection Tool to assist customers in identifying any potential vulnerabilities.

Pegasus Spyware Allegedly Targeted iPhones of U.S. State Department Employees and Diplomats

December 4, 2021

Reports from Reuters and The Washington Post indicate that Apple has informed several U.S. Embassy and State Department staff that their iPhones might have been compromised by an unidentified attacker using state-sponsored spyware developed by the controversial Israeli firm NSO Group. At least 11 officials, either stationed in Uganda or involved in matters related to the country, reportedly had their iPhones, linked to their overseas numbers, singled out. The identities of the perpetrators and the specific information sought remain unclear. These incidents represent the first known use of this advanced surveillance tool against U.S. government personnel. NSO Group produces Pegasus, military-grade spyware that enables clients to discreetly access files, photos, and conversations.

Urgent Log4J Vulnerability Poses Significant Threat to Internet Security

Dec 11, 2021

The Apache Software Foundation has addressed a critical zero-day vulnerability in the widely-used Apache Log4j Java logging library, actively exploited to execute malicious code and potentially gain full control over affected systems. Identified as CVE-2021-44228 and known as Log4Shell or LogJam, this flaw allows unauthenticated remote code execution (RCE) in applications utilizing this open-source tool, impacting versions from Log4j 2.0-beta9 to 2.14.1. The bug received a maximum severity score of 10 on the CVSS rating scale. The Apache Foundation’s advisory states, “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.” Starting with Log4j version 2.15.0, this functionality has been disabled by default. Exploitation can be performed with minimal effort…