HP fixes high-risk printer vulnerabilities affecting more than 150 HP printers


The high-risk vulnerabilities in HP printers discovered by Timo Hirvonen and Alexander, security consultants at the security company F-Secure, have now been announced.

The high-risk security vulnerabilities discovered this time are CVE-2021-39237 and CVE-2021-39238, of which the latter has a CVSS score as high as 9.3/10.

Attackers can use the vulnerabilities to gain code execution, including remotely. They can even use a printer as a springboard to infect other devices on the intranet.

In addition, the vulnerabilities discovered this time are wormable, which means that attackers can create self-propagating malware that can quickly infect other devices on the intranet.

According to the researchers, the vulnerabilities are in the communication and font parser of HP printers. Attackers can use them to obtain code execution, including remote execution.

Among them, CVE-2021-39237 requires physical access to the printer to be triggered, and CVE-2021-39238 can be triggered remotely, so the actual harm is more serious.

The most effective attack method is to lure users into visiting a malicious website, through phishing or other methods. At that point, the printer is exposed to a cross-site printing attack.

The website will remotely print a maliciously crafted font file on a vulnerable HP printer, and the vulnerability will trigger code execution when the printer is launched.

An attacker who successfully exploited the vulnerability could quietly steal data through the printer, including printed, scanned and faxed content, as well as network password credentials.

The researchers determined that the difficulty of exploiting these vulnerabilities will stop low-skilled hackers, but it will not stop hackers with professional skills, especially hacker groups.

Most importantly, the vulnerability is wormable. Attackers can create a self-replicating, self-spreading worm that infects other devices laterally across the internal network.

For example, an attacker could use the HP printer flaws as a springboard to infect other devices on the intranet before deploying more malware or ransomware, endangering the security of corporate data.

The researchers say that a modern printer is a fully functional computer, and that threat actors can compromise it and launch attacks from it just as they can with other workstations and terminals.

Attackers can use infected devices to damage enterprise infrastructure and operations, and experienced threat actors will view security weaknesses as attack opportunities.

Therefore, if a company does not bring its printers under regular computer security management, it may be breached, and the company's entire intranet environment will be compromised.

The researchers reported the vulnerabilities to HP in April 2021, but HP did not fix them until now, possibly because the vulnerabilities affect so many devices, are so damaging, and are difficult to repair.

Recently, HP released a security update to repair all affected HP printers. It is reported that more than 150 specific SKUs are involved, and a large number of HP printers are under threat. For homes or businesses using HP printers, please visit this link.

Please note that some printers may have multiple different firmware platforms. Look up the exact platform and model before installing the firmware, to avoid affecting the use of the printer.

In addition to installing firmware to fix the vulnerabilities, the researchers also suggest that companies isolate printers behind a firewall, to prevent a printer from becoming a breach point that threatens intranet security.
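
One way to check that the firewall isolation recommended above is actually holding is to audit flow logs for traffic that bypasses it. The following is an added example, not code from the article, F-Secure or HP. The printer subnet, print server address, log format and sample lines are all constructed assumptions, and the port set assumes the common LPD, IPP and raw printing services.

```python
import ipaddress

# Assumptions for this example (none come from the article):
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")   # hypothetical printer VLAN
PRINT_SERVERS = {ipaddress.ip_address("10.20.1.5")}   # hypothetical print server
PRINT_PORTS = {515, 631, 9100}                        # LPD, IPP, raw printing

# Constructed firewall flow log: "<time> <action> <proto> <src:port> -> <dst:port>"
SAMPLE_FLOWS = """\
2021-12-01T09:00:01 ALLOW tcp 10.20.1.5:51000 -> 10.20.30.11:9100
2021-12-01T09:00:07 ALLOW tcp 10.20.5.44:49822 -> 10.20.30.11:9100
2021-12-01T09:00:09 DENY tcp 10.20.5.44:49823 -> 10.20.30.12:9100
2021-12-01T09:01:15 ALLOW tcp 10.20.5.61:50110 -> 10.20.30.11:631
2021-12-01T09:02:00 ALLOW tcp 10.20.30.11:40000 -> 10.20.5.61:445
2021-12-01T09:02:30 ALLOW tcp 10.20.5.44:49900 -> 10.20.9.9:443
malformed line
"""

def parse_flow(line):
    """Return (action, src_ip, dst_ip, dst_port), or None if the line is unparseable."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
        dst_host, dst_port = parts[5].rsplit(":", 1)
        return parts[1], src, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def audit(flows_text):
    """Return allowed flows that violate printer isolation."""
    findings = []
    for line in flows_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[0] != "ALLOW":
            continue  # blocked or unreadable flows are not isolation gaps
        _, src, dst, port = flow
        trusted_src = src in PRINT_SERVERS or src in PRINTER_NET
        if dst in PRINTER_NET and port in PRINT_PORTS and not trusted_src:
            # A workstation reached a printer directly instead of via the print server.
            findings.append(("direct-print", str(src), str(dst), port))
        elif src in PRINTER_NET and dst not in PRINTER_NET and dst not in PRINT_SERVERS:
            # A printer opened a connection into the intranet (springboard risk).
            findings.append(("printer-outbound", str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Each `direct-print` finding is a path the firewall should have closed, and each `printer-outbound` finding is a printer reaching into the intranet, which the isolation is meant to prevent.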