Printing Shells: Remote Code Execution vulnerability in HP multi-function printers (MFPs)

Published On: Dec 02, 2021 06:57

Advisory No:

Source:

Software Affected:

Overview

Description

Advisory No: TZCERT/SA/2021/12/01

Date of First Release: 01st December 2021

Source: HP

Software Affected: HP Color LaseJet Enterprise, HP OfficeJet Enterprise and HP ScanJet Enterprise 8500 FN1 firmware.

Overview

Two vulnerabilities, namely CVE-2021-39238 and CVE-2021-39237, exists in HP multi-function printers (MFPs)  products. The exploitation of these vulnerabilities could allow an attacker to take control of the affected systems.

Description

The first vulnerability (CVE-2021-39238), the buffer flow issue, could lead to the development of a self-propagating network worm capable of spreading autonomously to other vulnerable MFPs on the same network.

The second vulnerability (CVE-2021-39237) is an information disclosure bug caused by an exposed physical port; local access is necessary as an attack vector.

These weaknesses can be exploited locally by gaining physical access to the device through printing from USB. Another possible attack vector for CVE-2021-39238 is sending an exploit payload through a browser via cross-site printing (XSP).

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected systems.

Solution:

HP has issued updates to fix vulnerable versions of the printer’s firmware. Users and Administrators are encouraged to apply necessary updates.

References:

  1. https://labs.f-secure.com/publications/printing-shellz 
  2. https://support.hp.com/us-en/document/ish_5000383-5000409-16/hpsbpi03749
  3. https://www.zdnet.com/article/printing-shellz-critical-bugs-impacting-150-hp-printers-patched/

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident