HP Confirms New Remote Code Execution Vulnerability Affects Several Printer Models
HP has acknowledged that several of its printer models are vulnerable to a new critical buffer overflow bug that can potentially lead to remote code execution (RCE). This latest security flaw is being tracked as CVE-2022-3942, and it was first discovered by Trend Micro’s Zero Day Initiative team.
As noted in a post by Bleeping Computer, the new security vulnerability comes with a CVSS score of 8.4 (high). HP warned in its first security advisory that this bug impacts a large number of its printer models, including LaserJet Pro, OfficeJet, Pagewide Pro, Large Format, Enterprise, as well as DeskJet models.
“Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with the use of Link-Local Multicast Name Resolution or LLMNR,” HP explained in its security advisory.
A buffer overflow is an error that occurs when an application tries to store more data in a memory buffer than the buffer can hold. Such a bug usually causes malfunctions and system crashes. However, it can also allow hackers to gain control over compromised systems.
Fortunately, HP has already released new firmware updates for most potentially vulnerable printer models. However, it advises users of HP Enterprise and HP LaserJet Pro printers to disable LLMNR (Link-Local Multicast Name Resolution) in the network settings to mitigate the problem.
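To confirm that the LLMNR mitigation has taken effect on your own printers, the following added example (not code from HP or from the original article) sends a single LLMNR name query and lists which hosts still answer. It relies on the standard LLMNR parameters from RFC 4795 (multicast group 224.0.0.252, UDP port 5355); the hostname "printer-3f" is a placeholder, and since a device only answers for its own name, query the name shown on the printer's network configuration page.

```python
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # IPv4 LLMNR multicast address (RFC 4795)
LLMNR_PORT = 5355             # LLMNR UDP port (RFC 4795)

def build_query(name: str, txid: int = 0x4C4C) -> bytes:
    """Build an LLMNR A-record query; the wire format follows DNS."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)  # flags=0, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1-63 bytes")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def is_response_to(packet: bytes, txid: int) -> bool:
    """True if packet is a response (QR bit set) carrying our query ID."""
    if len(packet) < 12:          # shorter than the fixed header: ignore it
        return False
    pid, flags = struct.unpack("!2H", packet[:4])
    return pid == txid and bool(flags & 0x8000)

def llmnr_responders(name: str, timeout: float = 2.0) -> set:
    """Send one query for `name`; return the IPs that answered it."""
    txid = 0x4C4C
    responders = set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        try:
            while True:           # responses arrive as unicast UDP
                data, (addr, _port) = sock.recvfrom(1500)
                if is_response_to(data, txid):
                    responders.add(addr)
        except socket.timeout:
            pass                  # no more answers within the timeout
    return responders

if __name__ == "__main__":
    # "printer-3f" is a placeholder hostname (assumption, not from the article).
    found = llmnr_responders("printer-3f")
    print("LLMNR still answered by:", sorted(found) or "nobody")
```

If the printer's IP address appears in the output after LLMNR has been disabled, the setting did not take effect; an empty result is only meaningful when the host firewall allows the unicast replies through.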
HP printer models are also vulnerable to information disclosure and denial of service attacks
Moreover, HP published a separate security advisory yesterday regarding three security flaws (CVE-2022-24291, CVE-2022-24292, and CVE-2022-24293) that currently affect various printer models. The company warned that any threat actor could exploit these flaws to perform remote code execution, launch denial of service attacks, and access sensitive information.
Again, HP has recommended that users install the latest firmware updates as soon as possible on all affected printer models. To do so, head over to HP’s official website, select the printer model from the list, and download the latest firmware version. Currently, these security patches are only available for select printers, and the company plans to release updates for the LaserJet Pro models soon.