Sunday, December 3, 2023

Printing Shellz – New Vulnerabilities That Affects 150 Different Multifunction Printers

Printing Shellz, a new set of security vulnerabilities that is affecting approximately 150 HP MFPs (Multifunction Printers). Printing Shellz comprises two vulnerabilities that are discovered by researchers from F-Secure, and both of them are marked as “Critical.”

According to the report, An attacker can easily exploit these two vulnerabilities to:-

  • Take over the exposed devices
  • Steal sensitive information
  • Sneak into corporate networks for more attacks

On MFPs (Multifunction Printers) the exploit launches a SOCKS proxy, and this allows the attacker to move parallel within the network infrastructure. 

While if the attackers want then they can easily print a maliciously crafted document to use it as an alternative attack vector.

Vulnerabilities

Here we have mentioned the two vulnerabilities below:-

  • CVE-2021-39237
  • CVE-2021-39238

Flaw profile

  • CVE ID: CVE-2021-39237
  • Description: It is an information disclosure vulnerability impacting certain HP printers like LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
  • Severity: High
  • HP Reference: HPSBPI03748
  • Potential Security Impact: Information disclosure
  • CVSS: 7.1
  • Release date: November 1, 2021
  • Last updated: November 30, 2021
  • CVE ID: CVE-2021-39238
  • Description: It is a buffer overflow vulnerability that affects certain HP printers like HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.
  • Severity: Critical
  • HP Reference: HPSBPI03749
  • Potential Security Impact: Potential buffer overflow
  • CVSS: 9.3
  • Release date: November 1, 2021
  • Last updated: November 30, 2021

Apart from this, HP was active enough to address these two vulnerabilities, and the patches are out now, which were originally discovered by F-Secure’s Alexander Bolshev and Timo Hirvonen.

Here’s what the F-Secure researchers have published:-

“We found multiple exploitable bugs in a HP multi-function printer (MFP). The flaws are in the unit’s communications board and font parser. An attacker can exploit them to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely. A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization.”

Attack scenarios

Here, we have mentioned all the possible attack scenarios:-

  • Printing from USB drives.
  • Printing a malicious document by social engineering a user.
  • Connecting directly to the physical LAN port for printing.
  • Printing from another device that is under the attacker’s control and in the same network segment.
  • Cross-site printing (XSP).
  • Direct attack via exposed UART ports

Moreover, the experts at F-Secure lab have strongly recommended all the users and organizations to immediately install the patches, to avoid any attack from the threat actors who are seeking to exploit these vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles