acm-header
Sign In

Communications of the ACM

ACM TechNews

Hundreds of HP Printer Models Vulnerable to Remote Code Execution


Inside an HP printer.

HP has released firmware security updates for most of the affected products. For the models without a patch, the company provides mitigation instructions that revolve mainly around disabling LLMNR (Link-Local Multicast Name Resolution) in network settings

Credit: HP

HP issued security advisories for three critical-severity vulnerabilities impacting its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

The first bulletin reveals a buffer overflow flaw, identified by Trend Micro's Zero Day Initiative team, which could enable remote code execution on affected printers.

The company has released firmware security updates for most of the affected models, and instructions for disabling LLMNR (Link-Local Multicast Name Resolution) in network settings for models without a patch.

The second bulletin discloses two critical and one high-severity vulnerabilities, also detected by the Zero Day Initiative team, which could be exploited for information disclosure, remote code execution, and denial of service.

Those with the impacted machines were advised to apply the security updates as soon as possible, place the devices behind a network firewall, and implement remote access restriction policies.

From BleepingComputer (03/22/22) Bill Toulas
View Full Article

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account