HP plugs critical RCE flaws in InkJet printers


HP has plugged critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging customers to apply the provided firmware updates as soon as possible.


The vulnerabilities, found and reported by a still unnamed third-party researcher, can be triggered through a maliciously crafted document sent to an affected device. Such a document can cause a stack or static buffer overflow, which could allow remote code execution.

The list of affected devices is long and encompasses the Pagewide Pro, DesignJet, OfficeJet, DeskJet, and Envy product lines.

Updates can be downloaded and installed directly from the printer or from the HP website (instructions on how to do it can be found here).

HP’s print security bug bounty program
The company did not mention whether the vulnerabilities it plugged were flagged as part of the newly revealed bug bounty program it launched with Bugcrowd in May, but it’s likely that they were.

For the moment, the program is still private.

According to CSO Online, 34 researchers have been invited to take part in it. They have been told to limit their efforts to endpoint devices (all HP enterprise printers) and to focus on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws.

Vulnerability reporting is to be done via Bugcrowd, which will verify bugs and reward researchers based on the severity of the flaw, with awards of up to $10,000.

“Reporting a vulnerability previously located by HP might be assessed, and a reward can be supplied to researchers as a good faith payment,” HP noted.

Shivaun Albright, HP’s Chief Technologist of Print Security, said that the company is already keeping security in mind when developing printers, but they want to see whether they’ve missed something.

Citing Bugcrowd’s most recent State of Bug Bounty Report, HP pointed out that the top emerging attackers are targeting endpoint devices, and that total print vulnerabilities across the industry have increased 21 percent during the past year.

Originally posted 2018-08-06 17:55:16.
