Critical privilege escalation vulnerability affects almost all HP printers

HP security teams announced the correction of multiple critical flaws in dozens of printer models used in commercial and home networks. One of the main issues addressed is the renowned PrintNightmare, a flaw in Windows Print Spooler that allows threat actors to escalate privileges on affected systems.

According to a report by F-Secure, a set of vulnerabilities identified as Printing Shellz, which reside in HP multifunction printers, was also detected. Apparently, the flaws date back to 2013 and reside in at least 150 different devices, including HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color and HP ScanJet Enterprise 8500 FN1.

One of the flaws that most caught the attention of researchers is CVE-2021-39238, described as a buffer overflow error that would allow threat actors to move through systems connected to the same network as the target device. The flaw received a score of 9.3/10 according to the Common Vulnerability Scoring System (CVSS).

Another notable vulnerability was identified as CVE-2021-39237, with a CVSS score of 7.1/10 and described as an information disclosure error. The researchers note that this flaw was caused by exposed physical ports, so local access is required for its successful exploitation.

According to the report, it is possible to take advantage of these flaws locally by physically accessing the device, for example, by printing from USB. For CVE-2021-39238, another potential attack vector involves sending an exploit payload directly from a browser via cross-site printing (XSP).

F-Secure reports that the flaws provide threat actors with an effective way to steal sensitive information, as system administrators do not typically focus their security efforts on printers and these kinds of devices, so an attack could go unnoticed until it is too late.

HP received a report on these vulnerabilities and issued two advisories targeting its customers, while updates were finally available a couple of weeks ago. So far, no signs of active exploitation have been detected, although users should not miss these updates.
