Attackers can inject and execute malicious code via the gaps classified as critical. The manufacturer advises to update the firmware of the printers. […]
HP has issued various security warnings for more than 250 of its printer models. Hackers should be able to inject malicious code, launch denial-of-service attacks (DoS) and access data. As a countermeasure, the manufacturer refers to firmware updates and configuration changes.
The first gap has the designation CVE-2022-3942 and is classified as critical with a value of 8.4. According to Heise, attackers can remotely cause a buffer overflow through gaps in the firmware of about 250 models. Then malicious code can be introduced and executed.
A protocol called Link-Local Multicast Name Resolution (LLMNR) serves as a gateway for hackers. It allows IPv4 and IPv6 hosts to resolve names into numeric, editable addresses for hosts on the same local network. Among other things, it has been installed since Windows Vista in all versions of Microsoft’s operating system as well as its mobile counterparts Windows Phone and Windows 10 Mobile.
In addition to a firmware update, according to HP, it is also possible to circumvent the gap by switching off the LLMNR protocol for the devices. The affected model series include HP Color LaserJet, DesignJet, DeskJet, HP Digital Sender, LaserJet, OfficeJet Pro, Pagewide and HP ScanJet Enterprise, among others.
For more than 20 additional models, HP released three more vulnerabilities. The designations are CVE-2022-24291, CVE-2022-24292 and CVE-2022-24293. Two of them are classified as critical. The information on this is scanty. The IT provider only mentions information theft, denial of service and buffer overflow as possible security risks. According to HP, there is no other solution to these problems than to update to the latest firmware.
For HP users, such messages are nothing new. Already at the end of 2021, security researchers found serious gaps in over 150 printer models.
At that time, hackers were able to access and hijack the devices using phishing tactics. The attackers then had the opportunity to read printouts, scans and faxes. In addition, the login data of the devices could be read out, which opened the way to the rest of the network. Even then, HP advised firmware updates.
*Jens Dose is editor of the CIO magazine. In addition to the core topics around CIOs and their projects, he also deals with the role of the CISO and its area of responsibility.