Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Code Execution Flaw Found in HP Enterprise Printers

Researchers have found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers. The vendor claims to have already developed a patch that will be made available to customers sometime this week.

Researchers have found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers. The vendor claims to have already developed a patch that will be made available to customers sometime this week.

Back in 2015, HP announced the launch of new enterprise-grade LaserJet printers fitted with security features designed to block malicious actors from breaching a company’s network. Roughly one year later, the company also announced several security improvements to its Managed Print Services.

The tech giant claims it provides “the world’s most secure printing” and a recent marketing campaign run by the company shows how printers from other vendors can allow hackers to cause significant damage to an organization.

Researchers at FoxGlove Security wanted to put HP’s claims to the test so they acquired an HP PageWide Enterprise 586dn multi-functional printer (MFP), currently sold for $2,000, and an HP LaserJet Enterprise M553n printer, which costs roughly $500.HP Printer

The experts started testing the devices using PRET (PRinter Exploitation Toolkit), a tool developed by researchers from Ruhr-Universität Bochum in Germany. When PRET was introduced, its creators claimed to have used it to find vulnerabilities in 20 printers and MFPs from HP, Brother, Lexmark, Dell, Samsung, Konica, OKI and Kyocer.

FoxGlove used PRET to find a path traversal flaw that allowed them to access the content of any print job, including PIN-protected jobs. PRET also helped it discover vulnerabilities that can be exploited to manipulate the content of print jobs, and reset devices to factory settings and implicitly remove the admin password.

However, the researchers’ goal was to find a vulnerability that could be exploited for remote code execution (RCE). In order to achieve this, they extracted the printer operating system and firmware and reverse engineered them. HP has implemented some mechanisms to prevent tampering with the system, but the experts managed to bypass them and gain access to files.

They then analyzed firmware updates and HP Software Solutions, which use the OXP platform and SDK to extend a printer’s functionality. Both Solutions and firmware updates are delivered as a single bundle (.BDL) file that needs to have a valid signature.

They failed to upload a malicious firmware to the device due to the signature validation mechanism, but they have proposed some possible attack vectors in case others want to continue the research. On the other hand, they did crack signature validation for Solutions files and they managed to upload a malicious DLL and execute arbitrary code.

Advertisement. Scroll to continue reading.

FoxGlove Security has made available the source code of the tools used during the research, including proof-of-concept (PoC) malware.

The code execution vulnerability was reported to HP on August 21 and the company has promised to release a patch this week.

UPDATE 11/22/2017. HP informed SecurityWeek that the code execution vulnerability, tracked as CVE-2017-2750, was patched by the company on November 17. The flaw affects tens of HP LaserJet Enterprise, PageWide Enterprise, LaserJet Managed and OfficeJet Enterprise printers.

Related: Hackers Can Abuse HP Enterprise Printers for Storage

Related: Thousands of Printers “Hacked” to Spew Anti-Semitic Flyers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...