Hewlett Packard has publicly disclosed two serious flaws in the firmware of several corporate printer models. If exploited, these flaws would allow remote adversaries to execute malicious programs on the vulnerable printer models.
The first flaw, CVE-2022-28721, is assessed as serious in severity with a CVSS score of 9.8. It is a buffer overflow caused by insufficient bounds validation that might enable the remote execution of malicious scripts on more than 60 printer models.
More than 60 different printer models, including HP inkjet printers, HP LaserJet Pro printers, and HP PageWide Pro printers, are affected by the security vulnerability. Using the CVE-2022-28721 bug, an attacker might send a specially crafted request to the system to overrun a buffer and execute malicious code.
The second vulnerability, designated CVE-2022-28722, is likewise a buffer overflow, with a CVSS severity rating of 7.1. It enables a local attacker to overrun a buffer and run a malicious script on the system.
HP has provided firmware updates for potentially affected products listed in the table below. To obtain the updated firmware, go to HP Software and Driver Downloads and search for your printer model.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.