September 25, 2023

HP warns of critical vulnerabilities in hundreds of HP printer models, including the LaserJet Pro, OfficeJet and DeskJet series.

The first vulnerability is a buffer overflow that affects dozens of models and creates the risk of remote code execution (RCE).

HP has published firmware updates for most models, but not for all of them. Some devices will have to make do without an update for now. HP prepared a set of alternative instructions for users of HP LaserJet Enterprise and HP LaserJet Pro.

If you’re using one or more models in these series, you would do well to follow the instructions. The vulnerability (CVE-2022-3942) received a CVSS score of 8.4.

The second, third and fourth vulnerabilities received high to critical CVSS scores. One of them opens the door to denial-of-service (DoS) attacks. The threat is exceptional: two of the vulnerabilities received CVSS scores of 9.8.

Firmware updates are available for every model except the HP Color LaserJet Pro MFP M2XX. HP shared very few technical details on the latter three vulnerabilities. We expect to see more information after the latest patch is published. Until then, it can’t hurt to review your firewalls and policies.

Affected products and Versions
