A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Printing Shells: Remote Code Execution vulnerability in HP multi-function printers (MFPs)

Printing Shells: Remote Code Execution vulnerability in HP multi-function printers (MFPs)

Advisory No: TZCERT/SA/2021/12/01

Date of First Release: 01st December 2021

Source: HP

Software Affected: HP Color LaseJet Enterprise, HP OfficeJet Enterprise and HP ScanJet Enterprise 8500 FN1 firmware.

Overview

Two vulnerabilities, namely CVE-2021-39238 and CVE-2021-39237, exists in HP multi-function printers (MFPs)  products. The exploitation of these vulnerabilities could allow an attacker to take control of the affected systems.

Description

The first vulnerability (CVE-2021-39238), the buffer flow issue, could lead to the development of a self-propagating network worm capable of spreading autonomously to other vulnerable MFPs on the same network.

The second vulnerability (CVE-2021-39237) is an information disclosure bug caused by an exposed physical port; local access is necessary as an attack vector.

These weaknesses can be exploited locally by gaining physical access to the device through printing from USB. Another possible attack vector for CVE-2021-39238 is sending an exploit payload through a browser via cross-site printing (XSP).

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected systems.

Solution:

HP has issued updates to fix vulnerable versions of the printer’s firmware. Users and Administrators are encouraged to apply necessary updates.

References:

  1. https://labs.f-secure.com/publications/printing-shellz 
  2. https://support.hp.com/us-en/document/ish_5000383-5000409-16/hpsbpi03749
  3. https://www.zdnet.com/article/printing-shellz-critical-bugs-impacting-150-hp-printers-patched/

Check Also

Log4Shell: Apache Log4j Remote Code Execution (CVE-2021-44228)

Advisory No: TZCERT/SA/2021/12/14 Date of First Release: 14th December 2021 Source: Apache Software Affected: All versions of Log4j from 2.0-beta9 …