HP Printer Hijack Bugs Impact 150 Models
Security researchers have reported two new vulnerabilities in HP’s multi-function printers. The vulnerabilities impact 150 product models, according to security consultants at F-Secure. A detailed report regarding the vulnerabilities has been released, called Printing Shellz, by researchers Timo Hirvonen and Alexander Bolshev. The pair found that HP multi-function printers have a physical access port vulnerability and a font parsing bug, tracked as CVE-2021-39237 and CVE-2021-39238 respectively.
The latter is the more dangerous of the two as it can be exploited remotely. One possible attack method would be to trick an employee into visiting a malicious website in order to launch a cross-site printing attack. The website would automatically print a document containing maliciously crafted font via a vulnerable multi-function printer. The report stated that the font parsing bug could also enable attackers to launch deeper attacks into corporate networks, which could lead to ransomware attacks, data theft, and other malicious activities. The bugs have been found to be wormable, meaning that multiple printers on the same network could be impacted.
Read More: HP Printer Hijack Bugs Impact 150 Models