Published On: Dec 02, 2021 06:57
Advisory No: TZCERT/SA/2021/12/01
Date of First Release: 01st December 2021
Source: HP
Software Affected: HP Color LaserJet Enterprise, HP OfficeJet Enterprise and HP ScanJet Enterprise 8500 FN1 firmware.
Overview
Two vulnerabilities, namely CVE-2021-39238 and CVE-2021-39237, exist in HP multi-function printer (MFP) products. The exploitation of these vulnerabilities could allow an attacker to take control of the affected systems.
Description
The first vulnerability (CVE-2021-39238), a buffer overflow issue, could lead to the development of a self-propagating network worm capable of spreading autonomously to other vulnerable MFPs on the same network.
The second vulnerability (CVE-2021-39237) is an information disclosure bug caused by an exposed physical port; local access is necessary as an attack vector.
These weaknesses can be exploited locally by gaining physical access to the device through printing from USB. Another possible attack vector for CVE-2021-39238 is sending an exploit payload through a browser via cross-site printing (XSP).
Impact
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected systems.
Solution
HP has issued updates to fix vulnerable versions of the printer's firmware. Users and administrators are encouraged to apply the necessary updates.