September 25, 2023

HP warns of critical vulnerabilities in hundreds of HP printer models, including the LaserJet Pro, OfficeJet and DeskJet series.

The first vulnerability allows a buffer overflow. The vulnerability affects dozens of models. The buffer overflow creates the risk of Remote Code Execution (RCE).

HP published a firmware update for most models but not all are perfect. Some devices will have to make do without for now. HP prepared a set of alternative instructions for users of HP LaserJet Enterprise and HP LaserJet Pro.

Advertisements

If you’re using one or more models in these series, you do well to follow the instructions. The vulnerability (CVE-2022-3942) was graded an 8.4.

The second, third and fourth vulnerabilities received high to critical CVE scores. One of the vulnerabilities opens the door for denial of service (DoS) attacks. The threat is exceptional: two of the vulnerabilities received CVE scores of 9.8.

Firmware updates are available for every model except the HP Color LaserJet Pro MFP M2XX. HP shared very few technical details on the latter three vulnerabilities. We expect to see more information after the latest patch is published. Until then, it can’t hurt to review your firewalls and policies.

Affected products and Versions

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: