Jump to content
  • Hundreds of HP printers affected by critical security issues


    Karlston

    • 942 views
    • 3 minutes
     Share


    • 942 views
    • 3 minutes

    HP published two security bulletins that inform customers about critical security issues affecting hundreds of the company's printer models. Firmware updates that patch the security issues are available for some printer models but not for all.

     

    scr-laserjet-pro-ews-network-settings.we

     

    The first security bulletin confirms that certain HP printer models are affected by critically rated security issue CVE-2022-3942. The remote code execution and buffer overflow issue uses Link-Local Multicast Name Resolution (LLMNR). The issue is rated 8.4 out of 10.

     

    HP created firmware updates for some of the affected printer models and released mitigation instructions for others. Models of the following printer families are affected by the vulnerability according to HP:

     

    • HP Color LaserJet Enterprise
    • HP Color LaserJet Managed
    • HP Digital Sender Flow
    • HP LaserJet Enterprise 500
    • HP LaserJet Enterprise Color Flow
    • HP LaserJet Managed Flow
    • HP LaserJet Enterprise Flow
    • HP LaserJet Enterprise 600
    • HP LaserJet Enterprise 700
    • HP LaserJet Enterprise
    • HP OfficeJet Enterprise Color
    • HP PageWide Color
    • HP PageWide Enterprise Color
    • HP PageWide Enterprise Color Flow
    • HP PageWide Managed Color
    • HP Scanjet Enterprise 8500
    • HP ScanJet Enterprise Flow
    • HP Color LaserJet Pro
    • HP LaserJet
    • HP LaserJet Pro
    • HP PageWide
    • HP PageWide Pro
    • HP PageWide Managed
    • HP DeskJet
    • HP DeskJet Ink Advantage
    • HP DeskJet Plus
    • HP DeskJet Plus Ink Advantage
    • HP OfficeJet Pro
    • HP DesignJet Z6+ Pro
    • HP DesignJet Z9+ Pro
    • HP DesignJet
    • HP DesignJet XL
    • HP PageWide XL

     

    HP owners and system administrators should check the published table to find out if printers that are in use in the home, business or enterprise environment are affected. Firmware updates are available for some of the printer models, for others, mitigations are provided to disable LLMNR.

     

    Second HP security bulletin

    scr-shared-ews-networking-tab-disable-pr

     

    The second security bulletin lists three vulnerabilities: CVE-2022-24291 with a rating of 7.5 and a severity of high, CVE-2022-24292 with a rating of 9.8 and a severity of critical, and CVE-2022-24293 with a rating of 9.8 and a severity of critical.

     

    HP notes that the issue can be fixed by installing a new firmware version that HP released. The list of affected products is smaller:

     

    • HP Color LaserJet Pro
    • HP PageWide
    • HP PageWide Managed
    • HP OfficeJet Pro

     

    Firmware is available for all affected printer models with the exception of HP Color LaserJet Pro MFP M2XX, which is listed as "remediation pending".

     

    Closing Words

     

    HP customers who operate affected printer models should consider upgrading the firmware immediately or apply the workaround to protect systems and data from attacks targeting the vulnerabilities.

     

    Now You: do you operate one of the affected printer models? (via Bleeping Computer)

     

     

     

    Hundreds of HP printers affected by critical security issues


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...