Security News > 2021 > November > 150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)

150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
2021-11-30 13:37

Over 150 HP multifunction printers are open to attack via two exposed physical access port vulnerabilities and two different font parsing vulnerabilities discovered by F-Secure security consultants Timo Hirvonen and Alexander Bolshev.

Attackers can exploit the vulnerabilities to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage, but the good news is that, earlier this month, HP has issued firmware updates that patch the vulnerabilities.

The most effective attack method would involve tricking a user from a targeted organization into visiting a malicious website, exposing the organization's vulnerable MFP to what's known as a cross-site printing attack.

"It's easy to forget that modern MFPs are fully-functional computers that threat actors can compromise just like other workstations and endpoints. And just like other endpoints, attackers can leverage a compromised device to damage an organizations infrastructure and operations. Experienced threat actors see unsecured devices as opportunities, so organizations that don't prioritize securing their MFPs like other endpoints leave themselves exposed to attacks like the ones documented in our research," explained Hirvonen.

"Large enterprises, companies working in critical sectors, and other organizations facing highly-skilled, well-resourced attackers need to take this seriously. There's no need to panic, but they should assess their exposure, so they're prepared for these attacks. Although the attack is advanced, it can be mitigated with the basics: network segmentation, patch management, and security hardening," said Hirvonen.

While there's no indication that threat actors are actively exploiting these vulnerabilities, defenders can detect an attack by monitoring the network traffic and doing log analysis, the consultants said.


News URL

https://www.helpnetsecurity.com/2021/11/30/cve-2021-39237-cve-2021-39238/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
HP 8964 146 744 522 669 2081