Communications of the ACM
Hundreds of HP Printer Models Vulnerable to Remote Code Execution
HP has released firmware security updates for most of the affected products. For the models without a patch, the company provides mitigation instructions that revolve mainly around disabling LLMNR (Link-Local Multicast Name Resolution) in network settings
Credit: HP
HP issued security advisories for three critical-severity vulnerabilities impacting its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.
The first bulletin reveals a buffer overflow flaw, identified by Trend Micro's Zero Day Initiative team, which could enable remote code execution on affected printers.
The company has released firmware security updates for most of the affected models, and instructions for disabling LLMNR (Link-Local Multicast Name Resolution) in network settings for models without a patch.
The second bulletin discloses two critical and one high-severity vulnerabilities, also detected by the Zero Day Initiative team, which could be exploited for information disclosure, remote code execution, and denial of service.
Those with the impacted machines were advised to apply the security updates as soon as possible, place the devices behind a network firewall, and implement remote access restriction policies.
From BleepingComputer (03/22/22) Bill Toulas
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found