Hundreds of HP Printers Affected by Critical Security Issues


HP has released two security bulletins that notify customers of critical security issues affecting hundreds of the company’s printer models. Firmware updates that fix security issues are available for some printer models, but not all.

the first safety bulletin confirms that certain HP printer models are affected by critical security issue CVE-2022-3942. The remote code execution and buffer overflow issue uses link-local multicast name resolution (LLMNR). The problem is rated 8.4 out of 10.

HP has created firmware updates for some of the affected printer models and released mitigation instructions for others. According to HP, models from the following printer families are affected by the vulnerability:

  • HP Color LaserJet Enterprise
  • Managed HP Color LaserJet
  • HP Digital Sender Feed
  • HP LaserJet Enterprise 500
  • HP LaserJet Enterprise color workflow
  • HP LaserJet Managed Workflow
  • HP LaserJet Business Feed
  • HP LaserJet Enterprise 600
  • HP LaserJet Enterprise 700
  • HP LaserJet Enterprise
  • HP OfficeJet Business Color
  • HP PageWide color
  • HP PageWide Business Color
  • HP PageWide Enterprise color workflow
  • HP PageWide Managed Color
  • HP Scanjet Enterprise 8500
  • HP ScanJet Business Feed
  • HP Color LaserJet Pro
  • HP LaserJet
  • HP LaserJet Pro
  • HP PageWide
  • HP PageWide Pro
  • HP PageWide Management
  • HP DeskJet
  • Advantage of HP DeskJet ink
  • HP DeskJet Plus
  • Advantage of HP DeskJet Plus Ink
  • HP OfficeJet Pro
  • HP DesignJet Z6+ Pro
  • HP DesignJet Z9+ Pro
  • HP DesignJet
  • HP DesignJet XL
  • HP PageWide XL

HP owners and system administrators should consult the published table to determine if printers used in a home, office or business environment are affected. Firmware updates are available for some printer models, for others mitigations are provided to disable LLMNR.

Second HP Security Bulletin

the second security bulletin lists three vulnerabilities: CVE-2022-24291 with a rating of 7.5 and high severity, CVE-2022-24292 with a rating of 9.8 and critical severity, and CVE-2022-24293 with a rating of 9, 8 and critical severity.

HP notes that the issue can be resolved by installing a new firmware version released by HP. The list of affected products is smaller:

  • HP Color LaserJet Pro
  • HP PageWide
  • HP PageWide Management
  • HP OfficeJet Pro

The firmware is available for all affected printer models, except for HP Color LaserJet Pro MFP M2XX, which is listed as “fix pending”.

Closing words

HP customers using affected printer models should consider upgrading the firmware immediately or applying the workaround to protect systems and data from attacks targeting the vulnerabilities.

Now you: are you using one of the affected printer models? (via beeping computer)

Summary

Hundreds of HP Printers Affected by Critical Security Issues

Article name

Hundreds of HP Printers Affected by Critical Security Issues

The description

HP has released two security bulletins that notify customers of critical security issues affecting hundreds of the company’s printer models.

Author

Martin Brinkman

Editor

Ghacks Technology News

Logo

Advertising

Previous Debt Consolidation Market 2022 | Growth, Share, Trends, Opportunities and Focus on Top Players | Clear Credit Solutions, Australian Debt Agreements, Think Money, Debt Negotiators - ChattTenn Sports
Next Strange Way to Get Rid of Bedbugs in Western New York