HP would take up to 90 days to fix a critical bug in some business-grade printers | Security Affairs

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers.

HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 score 9.1), that affects tens of HP Enterprise LaserJet and HP LaserJet Managed Printers models. Exploitation of the flaw can potentially lead to information disclosure, and the IT giant announced that it would take up to 90 days to address the vulnerability. An attacker can trigger the bug to access data transmitted between the vulnerable HP printer and other systems on the same network segment.

The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

“Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6,” reads the bulletin published by the company.

The vendor has released a temporary firmware mitigation for customers currently running FutureSmart 5.6 with IPsec enabled on their printers. The company recommends customers immediately revert to a prior firmware version (FutureSmart version 5.5.0.3).

HP told BleepingComputer that it is not aware of any active exploits. The company pointed out that the exposure period for this potential vulnerability was limited to mid-February 2023 until the end of March 2023.


Pierluigi Paganini

(SecurityAffairs hacking, printers)



