HP announced a severe vulnerability for 166 models of HP inkjet printers. By severe, they describe it as “9.8 out of 10” on the CVSS 3.0 Base Metrics. The full list of affected printers can be found here.
The vulnerability allows for the attacker to do “remote code execution.” HP isn’t very expressive in what that means, nor how it could be used by criminals. I do know that HP has been adding several new ‘cloud’ style features which allow for printing outside of the network. Hazarding a guess, I would say that this bug may be attached to those features. This means external access to a firewalled printer would grant access to the printer from the outside world. This is just a guess, but any severe threat should be seriously looked at and patched, regardless.
HP does recommend upgrading the firmware on your printers. You can visit the HP site for downloading the updated drivers/firmware here.
We at ACS believe this type of vulnerability is important to remedy for two reasons.
- People access corporate networks from home. Depending upon circumstances a compromised home printer could jeopardize the corporate network due to the remote worker accessing the corporate network from the network which the compromised printer resides.
- You may have one of these printers on your corporate network.
If you have one of these printers on your corporate network, work with your IT provider to update the firmware. If you have remote workers, you should begin working with them to get a list of printers on their remote networks and working to update them as quickly as possible.
If you would like to discuss this, or other IT security issues feel free to call me at 231-933-6333 x 1000, or email firstname.lastname@example.org.