July 2, 2022

Numerous HP printer fashions, together with LaserJet Professional, Pagewide Professional, OfficeJet, Enterprise, Giant Format, and DeskJet, have been up to date just lately to handle three safety points rated as essential.

Initially, there’s a buffer overflow safety flaw that might permit distant code execution on an affected laptop. Development Micro’s Zero Day Initiative workforce reported this safety flaw, which is tracked as CVE-2022-3942.

HP lists the severity of the bug as essential, although it comes with a CVSS severity rating of 8.4 (excessive). Moreover, HP revealed mitigation strategies for this drawback, comparable to disabling LLMNR.


The advisory said:-

“Sure HP Print merchandise and Digital Sending merchandise could also be weak to potential distant code execution and buffer overflow with using Hyperlink-Native Multicast Title Decision or LLMNR.”

The Second Set of Vulnerabilities

Right here beneath we have now talked about the second set of vulnerabilities detected:-

  • CVE-2022-24292 (CVSS rating 9.8)
  • CVE-2022-24293 (CVSS rating 9.8)
  • CVE-2022-24291 (CVSS rating 7.5)

Utilizing the embedded net server (EWS) for LaserJet Professional, you may disable unused protocols. For different merchandise, check out this information.

One of many listed LaserJet Professional fashions doesn’t seem to have been suggested to take mitigation motion, nonetheless, it has been marked as pending, so the safety updates for that one ought to quickly be accessible.

With a view to obtain the most recent accessible model of the firmware for all different fashions, please go to HP’s official software program and driver obtain portal, navigate to the suitable mannequin, and choose it.

Nonetheless, these vulnerabilities haven’t been extensively mentioned, however the repercussions of distant code execution and knowledge disclosure are prone to be substantial and damaging.

See also  Hackers Distributing Malicious RTF Excel Sheets Doc and Putting in RAT utilizing VBA Macro code

Whereas the severity ranges level to the necessity to apply safety updates as quickly as attainable, to limit distant entry, and to place the gadgets behind a firewall.

You may observe us on Linkedin, TwitterFb for every day Cybersecurity and hacking information updates.