{"id":23767,"date":"2022-03-23T23:52:21","date_gmt":"2022-03-23T22:52:21","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=23767"},"modified":"2022-06-23T21:03:14","modified_gmt":"2022-06-23T19:03:14","slug":"hunderte-hp-druckermodelle-mit-rce-sicherheitslcke-mrz-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/03\/23\/hunderte-hp-druckermodelle-mit-rce-sicherheitslcke-mrz-2022\/","title":{"rendered":"Hundreds of HP printer models with RCE vulnerability (March 2022)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/03\/23\/hunderte-hp-druckermodelle-mit-rce-sicherheitslcke-mrz-2022\/\">German<\/a>]HP warns in two security advisories about remote code execution (RCE) and information disclosure vulnerabilities in hundreds of its printer models. Attackers could exploit the vulnerability to inject malicious code into systems. However, the manufacturer has provided firmware updates to mitigate these vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg02.met.vgwort.de\/na\/76efdf42fafb49089b10a49fc4406e40\" width=\"1\" height=\"1\">In the security advisories <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5948778-5949142-16\/hpsbpi03780\" target=\"_blank\" rel=\"noopener\">HPSBPI03780<\/a> and <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5950417-5950443-16\/hpsbpi03781\" target=\"_blank\" rel=\"noopener\">HPSBPI03781<\/a>, dated 21 March 2022, HP notes that certain HP printer models may be vulnerable to remote code execution (RCE) and buffer overflows. 
The two security alerts address critical vulnerabilities affecting hundreds of LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format and DeskJet printer models.<\/p>\n<p>Security alert <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5948778-5949142-16\/hpsbpi03780\" target=\"_blank\" rel=\"noopener\">HPSBPI03780<\/a> mentions only vulnerability CVE-2022-3942 reported by Trend Micro. HP advises that certain HP Print and Digital Sending products may be vulnerable to remote code execution (RCE) and buffer overflows when using Link-Local Multicast Name Resolution (LLMNR). Details of CVE-2022-3942 are not disclosed &#8211; however, due to buffer overflow and remote code execution, the vulnerability has received a CVSS score of 8.4, which HP itself rates as critical.<\/p>\n<p>The second security advisory, <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5950417-5950443-16\/hpsbpi03781\" target=\"_blank\" rel=\"noopener\">HPSBPI03781<\/a>, describes three other vulnerabilities reported by Trend Micro. Certain HP printing devices may be vulnerable to information disclosure, denial of service or remote code execution.<\/p>\n<ul>\n<li>CVE-2022-24291: CVSS 7.5, High<\/li>\n<li>CVE-2022-24292: CVSS 9.8, Critical<\/li>\n<li>CVE-2022-24293: CVSS 9.8, Critical<\/li>\n<\/ul>\n<p>HP has released firmware updates to close all of these vulnerabilities. A list of affected HP products can be found in both security advisories <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5948778-5949142-16\/hpsbpi03780\" target=\"_blank\" rel=\"noopener\">HPSBPI03780<\/a> and <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_5950417-5950443-16\/hpsbpi03781\" target=\"_blank\" rel=\"noopener\">HPSBPI03781<\/a>. The firmware for affected devices should be downloadable from the <a href=\"https:\/\/support.hp.com\/us-en\/drivers\/printers\" target=\"_blank\" rel=\"noopener\">HP download page<\/a>. 
<\/p>\n<p>The first reflex would be: since the vulnerabilities are rated high or critical, the printer firmware should be updated promptly. But the question is whether this update will cause such nice collateral damage as forcing the use of original HP cartridges or toner cartridges. If the printer is not accessible via the Internet and is isolated in a VLAN in the company network, the risk should be limited even without a firmware update. This solution must be used anyway if no firmware update is available for a device.<\/p>\n<p><strong>Similar articles:<\/strong><br \/><a href=\"https:\/\/web.archive.org\/web\/20210620121218\/https:\/\/borncity.com\/win\/2016\/09\/19\/hp-printer-firmware-disables-refill-ink-cartridges\/\">HP printer firmware disables refill ink cartridges<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2016\/10\/13\/hp-new-printer-firmware-enabled-refill-ink-cartridges\/\">HP: New printer firmware re-enables refill ink cartridges<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2016\/09\/29\/hp-apologizes-new-firmware-update-for-printers-soon\/\">HP apologizes, new firmware update for printers soon<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2016\/09\/29\/electronic-frontier-foundation-eff-criticizes-hp\/\">Electronic Frontier Foundation (EFF) criticizes HP<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2017\/09\/14\/firmware-update-blocks-again-non-hp-printer-cartridges\/\">Firmware Update blocks again non HP Printer Cartridges<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2016\/09\/19\/hp-printer-firmware-disables-refill-ink-cartridges\/\">HP printer firmware disables refill ink cartridges<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/02\/02\/firmware-downgrade-for-hp-printer\/\">Hints for HP Printer Firmware Downgrade<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]HP warns in two security advisories about remote code execution (RCE) and information disclosure vulnerabilities in hundreds of 
its printer models. Attackers could exploit the vulnerability to inject malicious code into systems. However, the manufacturer has provided firmware updates to &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/03\/23\/hunderte-hp-druckermodelle-mit-rce-sicherheitslcke-mrz-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[415,69],"class_list":["post-23767","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-printer","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=23767"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23767\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=23767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=23767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=23767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}