HP plugs critical RCE flaws in InkJet printers


HP has plugged critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging customers to apply the provided firmware updates as soon as possible.


The vulnerabilities, found and reported by a still unnamed third-party researcher, can be triggered through a maliciously crafted document sent to an affected device. Such a document can cause a stack or static buffer overflow, which can allow remote code execution.

The list of affected devices is long and encompasses the PageWide Pro, DesignJet, OfficeJet, DeskJet, and Envy product lines.

Updates can be downloaded and installed directly from the printer or from the HP website (instructions on how to do it can be found here).

HP’s print security bug bounty program
The company did not mention whether the vulnerabilities it plugged were flagged as part of the recently revealed bug bounty program it launched with Bugcrowd in May, but it’s likely that they were.

For the moment, the program is still private.

According to CSO Online, 34 researchers were invited to take part in it. They were told to limit their efforts to endpoint devices (all HP enterprise printers) and to focus on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws.

Vulnerability reporting is to be done via Bugcrowd, which will verify bugs and reward researchers based on the severity of the flaw, with awards of up to $10,000.

“Reporting a vulnerability previously located by HP might be assessed, and a reward can be supplied to researchers as a good faith payment,” HP noted.

Shivaun Albright, HP’s Chief Technologist of Print Security, said that the company already keeps security in mind when developing printers, but it wants to see whether it has missed anything.

Citing Bugcrowd’s most recent State of Bug Bounty Report, HP pointed out that the top emerging attackers are focused on endpoint devices, and that total print vulnerabilities across the industry have increased 21 percent during the past year.

Originally posted 2018-08-06 17:55:16.
