Multiple Vulnerabilities in HP Printer Products Could Allow for Remote Code Execution
MS-ISAC ADVISORY NUMBER:
2018-087
DATE(S) ISSUED:
08/07/2018
OVERVIEW:
Multiple vulnerabilities have been discovered in HP printer products, which could allow for remote code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
THREAT INTELLIGENCE:
There is no evidence of these vulnerabilities being exploited in the wild. However, the MS-ISAC has previously observed a variety of printer exploits and defacements affecting Internet-facing printers in state, local, tribal, and territorial governments, especially those located in universities, K-12 schools, and fire stations.
RISK:
Government:
- Large and medium government entities: HIGH
- Small government entities: HIGH
Businesses:
- Large and medium business entities: HIGH
- Small business entities: HIGH
Home Users: HIGH
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in HP products, which could allow for remote code execution. An attacker can exploit these vulnerabilities by sending a maliciously crafted file to an affected device, which can cause a stack or static buffer overflow (CVE-2018-5924, CVE-2018-5925). Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate updates provided by HP to vulnerable systems, immediately after appropriate testing.
- Change all default printer login credentials and/or passwords.
- Implement the same security policies for printers as would be implemented on any networked system.
- Restrict inbound access to only authorized IP addresses, machines, and/or users.
- Disable unnecessary functions, services, and/or ports.
- Log printer activity and connections, and retain logs for a minimum of 90 days.
- Implement security features offered by printer manufacturers that include measures such as hard drive encryption, automated deletion of printer jobs, and drive overwrite capabilities.