Three vulnerabilities in HP Laserjet Pro and MFP models have now received entries in the CVE database and the appropriate updates to close them. Attackers from the network can smuggle any code to affected devices or extend their rights through vulnerabilities. Cybercriminals can use this to nest in the network.
HP Laserjet: High security vulnerability
Weaknesses are potential buffer overflows. Attackers can use one of these to escalate their privileges (CVE-2023-27971CVSS 8.8risk”highanother that allows malicious code to be executed from the network (CVE-2023-27972CVSS 8.8And high). The third vulnerability is a slightly different heap-based buffer overflow that can be used by network attackers to inject malicious code (CVE-2023-27973CVSS 8.8And high).
According to HP, the gaps affect the printer series HP Color LaserJet MFP M478-M479And HP Color LaserJet Pro M453-M454 PrinterAnd HP LaserJet Pro M304-M305 Printer And M404-M405 Beside HP LaserJet Pro MFP M428-M429 and related F-a chain of it.
To fill in the security holes, HP provides a Firmware version 002_2310A or newer available. IT managers should get these fast from Download the HP support website and install. Searching for the printer’s model number on the site will return the current firmware, among other things.
At the beginning of April, HP reported a critical vulnerability in about 50 Laserjet series printers. For now, they can be secured with temporary countermeasures – to be more specific, installing older firmware will help at first – the patch will be announced in about 60 days from the current reporting date.
(DMK)
“Prone to fits of apathy. Zombie ninja. Entrepreneur. Organizer. Evil travel aficionado. Coffee practitioner. Beer lover.”