Cybersecurity Advisory: Multiple Vulnerabilities Found In HP Printer Products

A cybersecurity warning was issued this morning, Aug. 7, 2018, regarding multiple vulnerabilities found in Hewlett-Packard printer products. Successful exploitation of the most serious of these vulnerabilities could allow for remote code execution.

What It Is:
Hewlett-Packard (HP) offers computer hardware, including printer products. Successful exploitation of the vulnerabilities discovered in HP printer products could result in an attacker gaining the same privileges as the logged-on user. Depending on the printer's placement in the network, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

See the HP Security Bulletin for a full list of affected printer systems.

Threat Intelligence:
There is currently no evidence of these vulnerabilities being exploited in the wild. However, the Multi-State Information Sharing and Analysis Center (MS-ISAC) has previously observed a variety of printer exploits and defacements affecting internet-facing printers in state, local, tribal, and territorial governments, especially those located in universities, K-12 schools, and fire stations.

What It Means:
If your business or organization has HP printer products, you will need to install the security updates immediately to address these vulnerabilities and prevent a possible security breach.

Systems Affected Include:
This advisory affects a wide variety of HP ink printer products. See the full list of printer products affected.

Risk:
Government:

• Large and medium government entities: High
• Small government entities: High

Businesses:
• Large and medium business entities: High
• Small business entities: High

Home users: High

Technical Summary:
Multiple vulnerabilities have been discovered in HP products, which could allow for remote code execution. An attacker can exploit these vulnerabilities by sending a maliciously crafted file to an affected device, which can cause a stack or static buffer overflow (CVE-2018-5924, CVE-2018-5925). Depending on the printer's placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.

What To Do:
We recommend the following actions be taken:

• Apply appropriate updates provided by HP to vulnerable systems, immediately after appropriate testing.
• Change all default printer login credentials and/or passwords.
• Implement the same security policies for printers as would be implemented on any networked system.
• Restrict inbound access to only authorized IP addresses, machines, and/or users.
• Disable unnecessary functions, services, and/or ports.
• Log printer activity and connections, and retain logs for a minimum of 90 days.
• Implement security features offered by printer manufacturers that include measures such as hard drive encryption, automated deletion of printer jobs, and drive overwrite capabilities.
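
One way to check two of the recommendations above (inbound access limited to authorized addresses, and logs retained for at least 90 days) against a printer connection log. This is an added example, not part of the advisory or any HP tooling; the log format, the authorized networks, and the function names are assumptions, and the sample entries are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumption: networks allowed to reach the printer (constructed values).
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.5.10/32")]
RETENTION_DAYS = 90  # minimum log retention recommended in the advisory

# Constructed sample log, one connection per line:
# "<ISO timestamp> <source IP> <destination port>"
SAMPLE_LOG = """\
2018-05-01T08:00:00 10.20.0.15 9100
2018-08-06T23:41:12 203.0.113.77 80
2018-08-07T09:02:33 10.20.5.10 443
2018-08-07T09:05:01 198.51.100.4 9100
not a log line
"""

def parse_log(text):
    """Yield (timestamp, source address, port); skip lines that do not parse."""
    for line in text.splitlines():
        try:
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), ipaddress.ip_address(src), int(port)
        except ValueError:  # wrong field count, bad timestamp, bad IP, bad port
            continue

def unauthorized_connections(entries, allowed=AUTHORIZED_NETS):
    """Return entries whose source address is outside every authorized network."""
    return [e for e in entries if not any(e[1] in net for net in allowed)]

def retention_ok(entries, now, min_days=RETENTION_DAYS):
    """True when the oldest retained entry is at least min_days old.

    A False result on a newly deployed device may only mean it is too new.
    """
    oldest = min((ts for ts, _, _ in entries), default=None)
    return oldest is not None and now - oldest >= timedelta(days=min_days)

if __name__ == "__main__":
    entries = list(parse_log(SAMPLE_LOG))
    for ts, src, port in unauthorized_connections(entries):
        print(f"unauthorized source {src} -> port {port} at {ts.isoformat()}")
    print("90-day retention met:", retention_ok(entries, datetime(2018, 8, 7, 12)))
```
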

Negative Consequences of Lost or Stolen Data Include:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information
• Disruption to regular operations
• Financial losses incurred to restore systems and files
• Potential harm to an organization’s reputation

Should your agency or business need assistance with the detection of vulnerabilities in HP printer products or an update of products to include patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.