F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev reported two eight-year-old vulnerabilities affecting 150 multifunction printers (MFPs) from PC maker HP that could be exploited to commandeer target devices, steal information, and penetrate enterprise networks to establish an attack beachhead.
The researchers' April 29 disclosure of the Printing Shellz flaws spurred HP to issue patches in November.
Hirvonen and Bolshev warned attackers can exploit flaws in MFPs' communications board and font parser "to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely."
One of the flaws, a buffer overflow, is wormable, meaning an exploit for it could spread on its own to other MFPs on the infiltrated network.
"While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations," the researchers said.
From The Hacker News
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA