fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

8-year-old HP Printer Vulnerability Affects 150 Printer Models

8-year-old HP Printer Vulnerability Affects 150 Printer Models

Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.

Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time.

HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021.

These are CVE-2021-39237 and CVE-2021-39238. For a complete list of the affected products, click on the tracking numbers for the corresponding advisories.

The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure.

Also Read: Top 10 Exceptional And Creative Website Design Guidelines

The second one is a buffer overflow vulnerability on the font parser, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.

CVE-2021-39238 is also “wormable,” meaning a threat actor could quickly spread from a single printer to an entire network.

As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.

Multiple potential vectors

F-Secure’s Bolshev and Hirvonen used an HP M725z multi-function printer (MFP) unit as their testbed to discover the above flaws.

After they reported their findings to HP on April 29, 2021, the company found that, unfortunately, many other models were also affected.

As the researchers explain in F-Secure’s report, there are several ways to exploit the two flaws, including:

  • Printing from USB drives, which is what was used during the research too. In the modern firmware versions, printing from USB is disabled by default.
  • Social engineering a user into printing a malicious document. It may be possible to embed an exploit for the font-parsing vulnerabilities in a PDF. 
  • Printing by connecting directly to the physical LAN port.
  • Printing from another device that is under the attacker’s control and in the same network segment.
  • Cross-site printing (XSP): sending the exploit to the printer directly from the browser using an HTTP POST to JetDirect port 9100/TCP. This is probably the most attractive attack vector.
  • Direct attack via exposed UART ports mentioned in CVE-2021-39237, if the attacker has physical access to the device for a short time.
One of the attack flows for CVE-2021-38238

One of the attack flows for CVE-2021-38238
Source: F-Secure

To exploit CVE-2021-39238, it would take a few seconds, whereas a skilled attacker could launch a catastrophic assault based on the CVE-2021-39237 in under five minutes.

Also Read: Data Protection Officer Duties And Responsibilities

However, it would require some skills and knowledge, at least during this first period when not many technical details are public.

Also, even if printers themselves aren’t ideal for proactive security examination, they can detect these attacks by monitoring network traffic and looking into the logs.

Finally, F-Secure points out that they have seen no evidence of anyone using these vulnerabilities in actual attacks. Hence, the F-Secure researchers were likely the first to spot them.

An HP spokesperson has shared the following comment with Bleeping Computer:

HP constantly monitors the security landscape and we value work that helps identify new potential threats. We have published a security bulletin for this potential vulnerability here. The security of our customers is a top priority and we encourage them to always stay vigilant and to keep their systems up to date.

Mitigation methods

Apart from upgrading the firmware on the affected devices, admins can follow these guidelines to mitigate the risk of the flaws:

  • Disable printing from USB
  • Place the printer into a separate VLAN sitting behind a firewall
  • Only allow outbound connections from the printer to a specific list of addresses
  • Set up a dedicated print server for the communication between workstations and the printers

The last point underlines that even without fixing patches if proper network segmentation practices are followed the chances of suffering damage from network intruders drop significantly.

A detailed guide on the best practices for securing your printer is available in HP’s technical paper. You can also watch a video demo of how this HP printer vulnerability can be exploited below.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us