Security researchers have identified two critical vulnerabilities that affect more than 150 HP multifunction printer models. These flaws allow hackers to read data from the printer and take it over remotely, and even to gain access to a company server. A patch is now available and HP recommends that customers install it as soon as possible.
Cybersecurity company F-Secure discovered the vulnerabilities and has devoted an extensive blog post to them.
The most effective way to exploit the vulnerabilities found – CVE-2021-39237 and CVE-2021-39238 – is to have an employee click on an untrustworthy link. Visiting a malicious web page is enough to compromise a multifunction printer. Via the page, the attacker instructs the printer to print a document with malicious fonts. This makes it possible to achieve so-called remote code execution (RCE). The security researchers also refer to this digital intrusion method as a cross-site printing attack.
Without anyone noticing, a hacker can read information from the printer’s memory. If someone makes a copy of documents containing financial or other business-sensitive information or has scanned an employee’s ID, for example, this data ends up in the wrong hands. Cybercriminals can use this information to steal more personal data from victims (phishing), assume the identity of another person (identity fraud) or sell it to the highest bidder.
In theory, it is also possible to obtain login data from the printer – and thus the company network – in this way. Hackers can then infiltrate servers or other parts of a network via a small detour. Once inside, they can try to gain more rights. This is also known as the privilege escalation phase of a cyber attack.
What makes the vulnerabilities even more dangerous is that they are wormable. That means the vulnerabilities can be used to spread malware. According to Timo Hirvonen, one of the discoverers of the exploits, printers are fully-fledged computers. “And like other endpoints, attackers can use a compromised device to damage an organization’s infrastructure and operations.” That is why it is good for companies and organizations to also properly protect peripherals such as printers.
F-Secure emphasizes that the exploits are far from easy to execute. It is unlikely that novice hackers or attackers with little knowledge and experience have abused the vulnerabilities. Experienced hackers, on the other hand, can use these methods to attack specific targets.
CVE-2021-39237 is not considered a dangerous threat. On a scale of 1 to 10, this vulnerability scores 4.6. CVE-2021-39238, on the other hand, is extremely dangerous. According to the National Vulnerability Database, it has a score of 9.8.
HP recommends that everyone install the latest updates as soon as possible. The printer manufacturer has prepared two lists containing all affected models. It is unknown whether the exploits were actually used. In the video below, the vulnerabilities’ discoverers demonstrate how to access the network to which the printer is connected through the audit.