[German]Printer manufacturer Hewlett Packard has published security messages warning of vulnerabilities in various HP Laserjet printers. These vulnerabilities can be used to inject code. The manufacturer has provided firmware updates to close the vulnerabilities in its devices. Thanks to the reader for the tip.
Advertising
HP has published this security advisory titled Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure as of 20 February 2024. According to the notice, certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure. The issue occurs when connections made by the device to services enabled by some solutions may have been trusted without the corresponding CA certificate in the device's certificate store.
HP classifies the vulnerability CVE-2024-0407 as High and has set the CVSS index to 6.8. HP has provided firmware updates for potentially affected products. The products are listed in the security advisory. The updates can be downloaded from the HP Customer Support – Software and Driver Downloads page.
German site heise also addresses a second vulnerability CVE-2024-0794 iin HP printers. This vulnerability even has a CVSS index of 8.6 and occurs when processing fonts embedded in PDFs. According to the HP alert Certain LaserJet Pro, HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow, Potential Remote Code Execution , certain HP LaserJet Pro, HP Enterprise LaserJet and HP LaserJet Managed printers are potentially vulnerable to remote code execution due to a buffer overflow when rendering fonts embedded in a PDF file. HP is also providing firmware updates for this issue. Details can be found in the linked HP document.
Advertising
