Security researchers from F-Secure revealed Critical Vulnerability (CVE-2021-39238), affecting more different 150 models of printers and MFPs HP series LaserJet, LaserJet Managed, pagewide and pagewide managed . Vulnerability allows through sending a specially decorated PDF document to cause a buffer overflow in the font handler and achieve its execution Code at the firmware level. The problem is manifested in 2013 and is eliminated in firmware updates published on November 1 (the manufacturer was notified of the problem in April).
Attack can be done on both locally connected printers and network printing systems. For example, an attacker can use the methods of social engineering and force the user to print a malicious file, attack the printer through the already hacked user system or apply the equipment to the “DNS Rebinding” technique, which allows you to send an HTTP request to the network port of the printer (9100 / TCP, JetDirect), inaccessible to direct circulation via the Internet.
After the successful exploitation of the vulnerability, the compromised printer can be used as a bridgehead to perform an attack on the local network, to snipfing traffic or to lease the hidden point of the presence of attackers on the local network. Vulnerability is also suitable for building botnets or creating network worms scanning other vulnerable systems and trying to hit them. To reduce harm from compromising printers, it is recommended to place network printers into a separate VLAN, limit the firewall to install outgoing network connections from printers and use a separate intermediate print server instead of direct contact with the printer from workstations.
researchers also identified another vulnerability (CVE-2021-39237) in printers HP, giving the opportunity to get full access to the device. Unlike the first vulnerability, the problem has been assigned a moderate hazard level, since the attack requires physical access to the printer (you need to connect to the UART port for about 5 minutes).