The manufacturer HP has issued a warning about a critical security vulnerability that affects more than 50 of their enterprise Laserjet MFP printers. This vulnerability allows attackers to trigger a buffer overflow and inject arbitrary code into the printers.
In order for this vulnerability to be exploited, HP Workpath solutions must be running on the affected printers. HP Workpath is a set of free apps that provide additional functionality, such as simplified scanning and copying. It needs to be activated initially by either the print service provider or administrators.
HP has classified this vulnerability as critical, with a CVSS value of 9.8. In a security notification, HP has provided a list of the affected series and specific printer models. IT managers are advised to check if the printers in their organization are affected and take prompt action if necessary.
To address this vulnerability, HP has developed updated firmware for the affected printer models. The FS5 version 22.214.171.124 or newer no longer contains the vulnerability. The updated firmware can be downloaded from HP’s support page by searching for the model number of the printer.
This is not the first time HP has reported security vulnerabilities in their printers. In early May, they disclosed high-risk vulnerabilities in Laserjet Pro and MFP models, which also allowed attackers to inject arbitrary code onto the devices.
It is crucial for organizations to stay proactive in monitoring and updating the firmware of their printers to minimize the risk of security breaches.