Hundreds of HP printers affected by critical security issues
HP has released two security bulletins informing customers of critical security issues affecting hundreds of the company’s printer models. Firmware updates that fix security issues are available for some printer models, but not all.
The first security bulletin confirms that certain HP printer models are affected by the critical security issue CVE-2022-3942. The remote code execution and buffer overflow issue uses Link-Local Multicast Name Resolution (LLMNR). The issue is rated 8.4 out of 10.
HP has created firmware updates for some of the affected printer models and released mitigation instructions for others. Models from the following printer families are affected by the vulnerability according to HP:
- HP Color LaserJet Enterprise
- HP Color LaserJet administrado
- HP Digital Sender Stream
- HP LaserJet Enterprise 500
- HP LaserJet Business Color Flow
- HP LaserJet Managed Flow
- HP LaserJet Business Flow
- HP LaserJet Enterprise 600
- HP LaserJet Enterprise 700
- HP LaserJet Enterprise
- Color empresarial HP OfficeJet
- Color HP PageWide
- Color empresarial HP PageWide
- HP PageWide Business Color Flow
- Color administrado HP PageWide
- HP Scanjet Enterprise 8500
- HP ScanJet Business Flow
- HP Color LaserJet Pro
- HP Laser Jet
- HP LaserJet Pro
- HP page width
- HP PageWide Pro
- HP PageWide administrado
- HP DeskJet
- Advantage of HP DeskJet ink
- HP DeskJet Plus
- HP DeskJet Plus Ink Advantage
- HP OfficeJet Pro
- HP DesignJet Z6+ Pro
- HP DesignJet Z9+ Pro
- HP Design Jet
- HP DesignJet XL
- HP PageWide XL
HP owners and system administrators should refer to the published table to find out if printers used in the home, business, or corporate environment are affected. Firmware updates are available for some of the printer models, for others, mitigations are provided to disable LLMNR.
Second HP Security Bulletin
The second security bulletin lists three vulnerabilities: CVE-2022-24291 with a rating of 7.5 and a severity of High, CVE-2022-24292 with a rating of 9.8 and a severity of Critical, and CVE-2022-24293. with a rating of 9.8 and a critical severity.
HP notes that the problem can be fixed by installing a new firmware version that HP released. The list of affected products is smaller:
- HP Color LaserJet Pro
- HP page width
- HP PageWide administrado
- HP OfficeJet Pro
Firmware is available for all affected printer models with the exception of the HP Color LaserJet Pro MFP M2XX, which is listed as “repair pending.”
closing words
HP customers using affected printer models should consider updating the firmware immediately or applying the workaround to protect systems and data from attacks targeting the vulnerabilities.
Now you: Are you using one of the affected printer models? (via Computer beep)
advertising
Related posts:
How to access Steam games without an internet connection 
How to view FPS with Xbox Game Bar in Windows 10: Steps Made Easy 
Hacked account? How to check and remedy 
How to make video calls from WhatsApp Web 
How to increase the RAM memory of a desktop or laptop + Tips and Tricks 
How to organize your YouTube subscriptions into categories
+ Tips and Tricks
