• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

HP Printer Hijack Bugs Impact 150 Models

You are here: Home / General Cyber Security News / HP Printer Hijack Bugs Impact 150 Models
December 1, 2021

Security researchers have found out two vulnerabilities in multi-perform printers (MFPs) which impacted 150 products designs.

F-Secure security consultants Timo Hirvonen and Alexander Bolshev have prepared up their results in a specific report, Printing Shellz.

Specially, they located a bodily access port vulnerability (CVE-2021-39237) and a font parsing bug (CVE-2021-39238) in HP’s MFP M725z machine. They turned out to impact scores a lot more merchandise in the FutureSmart line courting back again to 2013.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CVE-2021-3928 is the a lot more hazardous of the two as it can be exploited remotely, potentially by tricking an worker into traveling to a malicious web page, to conduct a “cross-website printing” attack. Below, the website would automatically print a doc made up of a maliciously crafted font on a vulnerable MFP, said F-Protected.

This would permit an attacker to execute arbitrary code on the machine to steal any printed, scanned or faxed details, such as system passwords.

The report claimed that it could also enable attackers to launch further attacks into the corporate network to unfold ransomware, steal data from extra sensitive data suppliers and achieve other targets.

The bugs are also wormable, that means many MFPs on the exact network could be immediately impacted.

“It’s simple to fail to remember that present day MFPs are absolutely-practical pcs that menace actors can compromise just like other workstations and endpoints. And just like other endpoints, attackers can leverage a compromised gadget to injury an organization’s infrastructure and operations,” defined F-Secure’s Hirvonen.

“Experienced risk actors see unsecured products as chances, so corporations that don’t prioritize securing their MFPs like other endpoints go away themselves exposed to attacks like the ones documented in our exploration.”

HP has issued patches for the vulnerabilities, which are described as “medium” (CVE-2021-39237) and critical severity (CVE-2021-39238).

Whilst they are only believed to be exploitable by superior specific attackers, enterprises had been urged to patch them as quickly as probable.


Some sections of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «hacker jailed for stealing millions of dollars in cryptocurrencies by Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking
Next Post: UK and Singapore align closer on digital trade uk and singapore align closer on digital trade»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
  • Fronton IOT Botnet Packs Disinformation Punch
  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
  • New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild
  • Open source packages with millions of installs hacked to harvest AWS credentials
  • DOE ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌funds‌ ‌development of Qunnect’s Quantum Repeater
  • Cabinet Office Reports 800 Missing Electronic Devices in Three Years
  • Malware Analysis: Trickbot
  • Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
  • US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info

Copyright © TheCyberSecurity.News, All Rights Reserved.