Cyber security researchers have discovered two vulnerabilities, now named Printing Shellz, that affect 150 different Hewlett Packard (HP) multifunction printers. The flaws could allow an attacker to take control of the devices, extract sensitive information, and infiltrate networks to perform other attacks.
The vulnerabilities are as follows:
The two flaws are located in the unit’s communications board and font parser. An attacker who exploits them could gain code execution rights, and this can be done remotely. If successful, attackers can achieve various goals, such as stealing information or using the compromised machine as a beachhead for future attacks against their target.
CVE-2021-39237 is exploited when an attacker gains physical access to the device: two exposed physical ports grant full access to the device. This flaw could lead to potential information disclosure.
CVE-2021-39238 can be exploited by embedding an exploit in a PDF document and using social engineering to lure the target into printing the file. An employee of an organization could also be lured into visiting a rogue website, which would automatically print a document containing a maliciously crafted font on the vulnerable device, giving the attacker code execution rights over the device. This method of attack is called a cross-site printing attack.
It would take an attacker under five minutes to exploit both vulnerabilities. If you have any of the HP printer models listed, it is imperative that you patch your device immediately. Now that the vulnerabilities are public, threat actors know what to look for and how to exploit them. Patch your devices before it’s too late.
At this time, there are no known IoCs. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, reach out to your Avertium Account Executive.