HP’s 150 printer models are still vulnerable to attack due to these old security weaknesses

Share This Post

“By exploiting these bugs in the way we have outlined, there are several things an attacker can accomplish. These vulnerabilities provide attackers with an effective way to steal information: Since printer security is unlikely to be researched beforehand, attackers can just sit back and steal whatever information they find (through printing, scanning, etc.),” the researchers shared in the FAQ. Additionally, researchers note that this vulnerability could allow an attacker to use a compromised MFP as an entry point to traverse corporate networks.

While looking to hone their skills by analyzing HP multifunction printers (MFPs), cybersecurity researchers came across a number of flaws that could be exploited to gain remote code execution privileges. According to the researchers, the vulnerabilities tracked as CVE-2021-39237 and CVE-2021-39238 exist in the unit’s communication board and font parser. Worryingly, they date back to at least 2013 and affect a large number of HP’s stable printers.

Highlights

  • Although HP has patched the issue, the researchers have also outlined ways to help organizations protect their vulnerable MFPs. First, the company should disable his USB printing option to restrict physical use of the device. Second, researchers recommend putting network printers in a separate VLAN behind a firewall. Instead of allowing computers on your network to communicate directly with the printer, you should connect to a dedicated print server that will be the only point of communication with the printer.

  • Protect your printer
    The researchers took this opportunity to highlight how companies do not treat printers as just another endpoint, leaving them unprotected and often without critical updates, leaving them vulnerable to attack. The researchers further argue that the lack of forensic tools capable of recovering evidence from MFPs and similar devices does not improve the situation. This allows attackers to exploit bugs such as they find, leaving little evidence of malicious activity.

Read More:

Partnership Between Mitsubishi Electric and Nozomi Networks Strengthens Operational Technology Security Business

Mitsubishi Electric and Nozomi Networks Partnership Mitsubishi Electric and Nozomi...

Solidion Technology Inc. Completes $3.85 Million Private Placement Transaction

**Summary:** 1. Solidion TechnologyInc. has announced a private placement deal...

Analyzing the Effects of the EU’s AI Act on Tech Companies in the UK

Breaking Down the Impact of the EU’s AI Act...

Tech in Agriculture: Roundtable Discusses Innovations on the Ranch

Summary of Tech on the Ranch Roundtable Discussion: ...

Are SMEs Prioritizing Tech Investments Over Security Measures?

SMEs Dive Into Tech Investments, But Are...

Spotify Introduces Music Videos for Premium Members in Chosen Markets

3 Summaries of Spotify Unveils Music Videos for Premium...

Shearwater to Monitor Production at Equinor’s Two Oil Platforms

Shearwater GeoServices secures 4D monitoring projects from Equinor for...

Regaining Europe’s Competitive Edge in Innovation: Addressing the Innovation Lag

Europe’s Innovation Lag: How Can We Regain Our Competitive...

Related Posts

Government Warns of AI-Generated Content: Learn More about the Issue

Government issued an advisory on AI-generated content. All AI-generated content...

Africa Faces Internet Crisis: Extensive Outage Expected to Last for Months, Hardest-Hit Nations Identified

Africa’s Internet Crisis: Massive Outage Could Last Months, These...

FTC Investigates Reddit for AI Content Licensing Practices

FTC is investigating Reddit's plans...

Journalists Criticize AI Hype in Media

Summary Journalists are contributing to the hype and...