Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Time to patch your HP printers

Published: 2009-02-06
Last Updated: 2011-01-24 23:55:28 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

HP have released a security bulletin for certain LaserJet printers. They require firmware updates. It is a directory traversal issue in the web admin interface. The vulnerability leads to unauthorized access to arbitrary files stored on the printer(s). The bulletin SSRT080166 is here. The CVE is CVE-2008-4419. Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come. The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be.Other than patching, disallowing access to the web admin interface is likely the only other mitigation.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

0 comment(s)
Diary Archives