HP Printers Vulnerable to Safety Problems
Dozens of HP printer models have been found to have safety problems that could allow hackers to gain remote access to confidential user information. The vulnerability has been identified as CVE-2023-1707 and has an assessment of CVSS 9.1 out of 10. HP has reported that the vulnerability has not yet been detected in the wild.
The problem is affecting HP printers with the FutureSmart microprological version 5.6 and the IPSEC protocol enabled. HP is advising users to temporarily roll back to the previous version of the firmware (FutureSmart version 5.5.0.3) until a security correction is made available. A full list of affected printers can be found on HP’s support page.
FutureSmart is a proprietary micro-oprammal support of HP used in the most powerful corporate-class printing systems. It helps system administrators manage and maintain various functions within the corporate printing network. The IPSEC, on the other hand, is a set of security protocols for the IP network designed to prevent remote access by hackers to corporate networks. This time, it has become a key element for compromising HP printers.
This isn’t the first time that HP printers have been at risk due to vulnerabilities in the security system. Last year, HP published safety recommendations for three vulnerabilities that could lead to remote code execution on compromised machines. Many HP printer models were affected, including Laserjet Pro, Pagewide Pro and Deskjet. HP ultimately released safety updates for the most vulnerable products and provided instructions for mitigating the consequences for models that could not be fixed.