A remotely exploitable vulnerability in 54 HP printer models for enterprises has recently been found – and patched – that could allow threat actors to breach companies’ infrastructure using rogue printer firmware.
Security researchers managed to bypass the printer’s signature verification process that vets legitimate firmware update files, enabling them to install tampered firmware updates that would allow for remote control over the affected printers. Although the process involved reverse engineering HP’s firmware signature validation algorithm, researchers also found other vulnerabilities that could allow cybercriminals to interfere with the printer’s operations.
“Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code,” reads the advisory.
Since enterprise printers are usually network-accessible, compromising one with rogue firmware would give cybercriminals a foothold into an organization’s network, enabling them to move laterally across networks in search of other vulnerable targets.
“With a method to construct our own HP software “Solution” packages, and another to bypass their digital signature validation mechanism, the only remaining hurdle was to build a piece of malware compatible with HP’s platform,” reads the researcher’s report.
Since the vulnerability can be weaponized to deliver any malicious payload, the risk of having these printers compromised by cybercriminals are very high, especially since they’re mostly deployed by companies.
The security advisory issued by HP lists 25 enterprise printer models affected by the arbitrary code execution flaw, and encourages everyone that has one within their infrastructure to update their firmware with the latest security patches.
For the full list of affected HP business printers, please check here.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Liviu Arsene. Read the original post at: https://hotforsecurity.bitdefender.com/blog/54-hp-printer-models-for-enterprises-remotely-vulnerable-to-attackers-19256.html