Three critical RCE defects affect hundreds of HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.
HP has issued a security bulletin alert about a buffer overflow vulnerability tracked as CVE-2022-3942 (CVSS score 8.4) that could lead to remote code execution on vulnerable devices.
“Certain HP printing and digital sending products use link-local multicast name resolution or LLMNR to be vulnerable to potential remote code execution and buffer overflows.” conclusion suasion.
HP has already addressed the flaw by releasing a firmware security update for most affected devices. HP has also published a mitigation for this issue, and the company suggests disabling Link-Local Multicast Name Resolution (LLMNR).
IT magnate issued a separate security bulletin board About 3 vulnerabilities, 2 CVE-2022 rated Critical (CVE-2022-24292 (severe severity score: 9.8) and CVE-2022-24293 (severe severity score: 9.8)) and 1 rated high severity -24291 (High Severity) score: 7.5).
“Certain HP printing devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.” read circular Published by HP.
This flaw could be exploited for information disclosure, obtain remote code execution, and trigger a denial of service condition, respectively.
HP has addressed all of the above issues with the release of . printer firmware For some models affected.
Follow me on Twitter: @securityaffairs And Facebook
(security work – Hacking, RCE)
share