Printing Shellz, a new set of security vulnerabilities that is affecting approximately 150 HP MFPs (Multifunction Printers). Printing Shellz comprises two vulnerabilities that are discovered by researchers from F-Secure, and both of them are marked as “Critical.”
According to the report, An attacker can easily exploit these two vulnerabilities to:-
- Take over the exposed devices
- Steal sensitive information
- Sneak into corporate networks for more attacks
On MFPs (Multifunction Printers) the exploit launches a SOCKS proxy, and this allows the attacker to move parallel within the network infrastructure.
While if the attackers want then they can easily print a maliciously crafted document to use it as an alternative attack vector.
Vulnerabilities
Here we have mentioned the two vulnerabilities below:-
- CVE-2021-39237
- CVE-2021-39238
Flaw profile
- CVE ID: CVE-2021-39237
- Description: It is an information disclosure vulnerability impacting certain HP printers like LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
- Severity: High
- HP Reference: HPSBPI03748
- Potential Security Impact: Information disclosure
- CVSS: 7.1
- Release date: November 1, 2021
- Last updated: November 30, 2021
- CVE ID: CVE-2021-39238
- Description: It is a buffer overflow vulnerability that affects certain HP printers like HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.
- Severity: Critical
- HP Reference: HPSBPI03749
- Potential Security Impact: Potential buffer overflow
- CVSS: 9.3
- Release date: November 1, 2021
- Last updated: November 30, 2021
Apart from this, HP was active enough to address these two vulnerabilities, and the patches are out now, which were originally discovered by F-Secure’s Alexander Bolshev and Timo Hirvonen.
Here’s what the F-Secure researchers have published:-
“We found multiple exploitable bugs in a HP multi-function printer (MFP). The flaws are in the unit’s communications board and font parser. An attacker can exploit them to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely. A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization.”
Attack scenarios
Here, we have mentioned all the possible attack scenarios:-
- Printing from USB drives.
- Printing a malicious document by social engineering a user.
- Connecting directly to the physical LAN port for printing.
- Printing from another device that is under the attacker’s control and in the same network segment.
- Cross-site printing (XSP).
- Direct attack via exposed UART ports
Moreover, the experts at F-Secure lab have strongly recommended all the users and organizations to immediately install the patches, to avoid any attack from the threat actors who are seeking to exploit these vulnerabilities.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.
