Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firmware update tackles remote code bugs in HP InkJet machines


  • Please log in to reply
1 reply to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,013 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:50 AM

Posted 03 August 2018 - 05:42 PM

HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.

 

The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the targeted printer.

 

Discovery of the bugs was credited to HP's in-house Product Security Response Team.

 

In total, HP says the patch will need to be applied to some 225 different models of inkjet printers across its Pagewide, DesignJet, OfficeJet, Deskjet, and HP Envy product lines.

 

https://www.theregister.co.uk/2018/08/03/hp_printer_malware/



BC AdBot (Login to Remove)

 


#2 Replicator

Replicator

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dark Basement
  • Local time:10:50 PM

Posted 04 August 2018 - 08:33 AM

I applaud HP for joining a Bugbounty program, I only wish Epson would do the same.

 

Being a member of 'bugcrowd' as a researcher, i did not notice their commitment to its programs pages yet.....maybe its part of a private group which i dont have access too, or part of one of the other bugbounty sites?

 

Good to see printer manufacturers doing something positive towards securing their hardware in an increasingly hostile environment.

 

It should help increase sales, especially in the corporate sector which takes security far more seriously.

I know that its quite possible that i will swap out my Epson for a HP as current printer security on my home network seems to be its weakest link in testing.

 

My Epson has 7 open ports exposed to the WAN (only port 445 is filtered running smbd).....that seems excessive to me for a simple wifi printer!

 

Thanks for the find John.


Edited by Replicator, 04 August 2018 - 08:41 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users