HP plugs critical RCE flaws in InkJet printers


HP has plugged critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging customers to install the provided firmware updates as soon as possible.


HP InkJet printer vulnerabilities

The vulnerabilities, found and reported by a still-unnamed third-party researcher, can be triggered by a maliciously crafted file sent to an affected device. Such a file can cause a stack or static buffer overflow that can allow remote code execution.

The list of affected devices is long and includes the Pagewide Pro, DesignJet, OfficeJet, DeskJet, and Envy product lines.

Updates can be downloaded and installed directly from the printer or from the HP website (HP provides instructions on how to do so).

HP’s print security bug bounty program

The company did not mention whether the vulnerabilities it plugged were flagged as part of the newly unveiled bug bounty program it launched with Bugcrowd in May. However, it’s likely that they were.

For the moment, the program remains private.

According to CSO Online, 34 researchers have been invited to take part in it. They have been told to limit their efforts to endpoint devices (all HP enterprise printers) and to focus on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF), and cross-site scripting (XSS) flaws.

Vulnerability reporting is to be done via Bugcrowd, which will verify bugs and reward researchers based on the flaw’s severity, with awards of up to $10,000.

“Reporting a vulnerability previously located by HP might be assessed, and a reward can be supplied to researchers as a good faith payment,” HP noted.

Shivaun Albright, HP’s Chief Technologist of Print Security, said that the company already keeps security in mind when developing printers. However, they want to see whether they’ve missed something.

Citing Bugcrowd’s latest State of Bug Bounty Report, HP said that the top emerging attackers are focused on endpoint devices, and that total print vulnerabilities across the industry have increased 21 percent during the past year.
