54 HP Printer Models for Enterprises Remotely Vulnerable to Attackers
A remotely exploitable vulnerability in 54 HP printer models for enterprises has recently been found – and patched – that could allow threat actors to breach companies' infrastructure using rogue printer firmware.
Security researchers managed to bypass the printer's signature verification process that vets legitimate firmware update files, enabling them to install tampered firmware updates that would allow for remote control over the affected printers. Although the process involved reverse engineering HP's firmware signature validation algorithm, researchers also found other vulnerabilities that could allow cybercriminals to interfere with the printer's operations.
“Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code,” reads the advisory.
Since enterprise printers are usually network-accessible, compromising one with rogue firmware would give cybercriminals a foothold into an organization's network, enabling them to move laterally across networks in search of other vulnerable targets.
“With a method to construct our own HP software “Solution” packages, and another to bypass their digital signature validation mechanism, the only remaining hurdle was to build a piece of malware compatible with HP's platform,” reads the researcher's report.
Since the vulnerability can be weaponized to deliver any malicious payload, the risk of having these printers compromised by cybercriminals is very high, especially since they're mostly deployed by companies.
The security advisory issued by HP lists 25 enterprise printer models affected by the arbitrary code execution flaw, and encourages everyone that has one within their infrastructure to update their firmware with the latest security patches.
For the full list of affected HP business printers, please check here.