HP to Fix Critical LaserJet Printer Bug in 90 Days
Around 50 models of HP Enterprise LaserJet and HP LaserJet Managed Printers are affected by the critical-severity vulnerability, CVE-2023-1707, which HP has disclosed. The security issue is related to the firmware of these printers and could potentially lead to information disclosure. HP has assigned a severity score of 9.1 out of 10 using the CVSS v3.1 standard. However, the exploitation context is restrictive as the vulnerability can only be exploited if the printers run Future Smart firmware version 5.6 and have IPsec enabled. IPsec is a network security protocol used to secure internal or remote communications within corporate networks, including printers.
FutureSmart gives consumers the option of configuring and managing printers remotely via a web browser or from a control panel located at the printer. If used, the information disclosure weakness might provide a hacker access to private data sent between vulnerable HP printers and other networked devices. HP has acknowledged the problem and will remedy the flaw in 90 days. The vulnerability’s active exploitation is unclear, and HP hasn’t offered any other information on the potential repercussions of the bug.
HP, one of the leading manufacturers of printers, has recently disclosed a security vulnerability in various printer models that could potentially allow attackers to execute arbitrary code on the device. This CVE-2023-1707 vulnerability affects a wide range of HP Color LaserJet and LaserJet Enterprise printer models, making it a matter of concern for millions of customers who use these printers in their offices and homes.
The security vulnerability can be exploited by cybercriminals to gain unauthorized access to the printer and take control of it. They can use this access to steal sensitive information, install malware or ransomware, or launch a distributed denial-of-service (DDoS) attack on the network. Such attacks can cause significant financial and reputational damage to the organizations or individuals affected by them.
To address this vulnerability, HP has announced that a firmware update will be released within 90 days. In the meantime, HP has recommended customers running FutureSmart 5.6 firmware to downgrade their firmware version to FS 220.127.116.11, which is not affected by the vulnerability. The company has also provided a list of printer models that are affected by the vulnerability, which include several popular models such as HP LaserJet Enterprise MFP M431 and HP Color LaserJet Enterprise MFP M480.
It is crucial for customers who own any of the affected printer models to take immediate action to mitigate the risk of potential cyberattacks. They can do this by downgrading the firmware to version FS 18.104.22.168 until HP releases an updated firmware package. This will ensure that the vulnerability is not exploited, and the device remains secure.
To obtain the firmware package, users must source it from HP’s official download portal, where they can select their printer model and download the relevant software. It is essential to ensure that they receive a genuine and secure firmware package that has not been tampered with by any third parties.
Cyberattacks on printers have become a common occurrence in recent years, and cybercriminals are constantly looking for ways to exploit vulnerabilities in various systems and devices. A printer is a crucial component of any office, and a cyberattack on it can be detrimental to the company’s operations. It is, therefore, essential to take printer security seriously and take proactive measures to safeguard them.
See more: Website Genesis Market that leaked passwords was shut down
HP has always been proactive in addressing security issues in its products. The company regularly releases firmware updates to address vulnerabilities and improve the security of its devices. However, it is essential for customers to ensure that they update their firmware regularly to stay protected. They can do this by subscribing to HP’s security bulletins and ensuring that their devices are always running the latest firmware version.
The disclosure of the CVE-2023-1707 vulnerability in various HP printer models is a matter of concern for millions of customers who use these printers in their offices and homes. It is crucial to take immediate action to mitigate the risk of potential cyberattacks. HP has recommended downgrading the firmware to version FS 22.214.171.124 until an updated firmware package is released. Customers must ensure that they obtain the firmware package from HP’s official download portal to receive a genuine and secure firmware package that has not been tampered with by any third parties. Cyberattacks on printers have become a common occurrence, and it is essential to take printer security seriously and take proactive measures to safeguard them. Regularly updating the firmware is crucial to stay protected from potential cyberattacks.
See more: Google will simplify account deletion for users of Android applications
The significance of cybersecurity cannot be understated as the globe becomes more linked. Cyberattacks can have far-reaching consequences, and it is essential to take proactive measures to protect ourselves and our devices from potential threats. By taking printer security seriously and staying vigilant, we can ensure that our devices remain secure, and our operations run smoothly.
Author: Manjushree Gavitre
We hope you found article interesting. For more exclusive content follow us on Facebook, Twitter and LinkedIn