This alert is originally published and can be viewed at cisecurity.org
Multiple Vulnerabilities have been discovered in HP Printer products, which could allow for remote code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
There is no evidence of these vulnerabilities being exploited in the wild. However, the MS-ISAC has previously observed a variety of printer exploits and defacements affecting Internet-facing printers in state, local, tribal, and territorial governments, especially those located in universities, K-12 schools, and fire stations.
Large and medium government entities: HIGH
Small government entities: HIGH
Large and medium business entities: HIGH
Small business entities: HIGH
Home Users: HIGH
Multiple Vulnerabilities have been discovered in HP products, which could allow for remote code execution. An attacker can exploit these vulnerabilities by sending a maliciously crafted file to an affected device which can cause a stack or static buffer overflow (CVE-2018-5924, CVE-2018-5925). Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend the following actions be taken:
Apply appropriate updates provided by HP to vulnerable systems, immediately after appropriate testing.
Change all default printer login credentials and/or passwords.
Implement the same security policies for printers as would be implemented on any networked system.
Restrict inbound access to only authorized IP addresses, machines, and/or users.
Disable unnecessary functions, services, and/or ports.
Log printer activity and connections, and retain logs for a minimum of 90 days.
Implement security features offered by printer manufacturers that include measures such as hard drive encryption, automated deletion of printer jobs, and drive overwrite capabilities.