August 16, 2018

HP Ink Printer Vulnerabilities – WST

HP’s Product Security Response Team published security advisories detailing two remote code execution security vulnerabilities, CVE-2018-5924 & CVE-2018-5925, affecting a large number of HP Ink printers.

Many of the impacted printer models include fax capabilities which can be remotely exploited with a malicious fax.  Once exploited, the printer can be leveraged to attack other internal systems.  With the prevalence of these printers on business networks, it’s important to involve all printers and multifunction devices in your regular vulnerability and patch management process.

HP has updated their security bulletin multiple times to reflect the current models afflicted with the vulnerabilities.  They have already provided firmware updates for impacted printers which can be viewed here

Past Weekly Security Tips – WST