HP LaserJet Printers Flaw Let Attacker Gain Unauthorized Access

In step with a security advisory from HP, some HP Endeavor LaserJet and HP LaserJet Managed printers will be at possibility of files publicity when IPsec is enabled with FutureSmart version 5.6.

All HP Endeavor units trudge HP FutureSmart firmware, making it easy to administer and take care of loads of aspects across your lickety-split, from the person journey to app security reinforce.

Users can purpose and role up printers utilizing a collection watch over panel positioned on the printer or a web browser for remote rep admission to.

The IP network security protocol suite, IPsec (Web Protocol Security), is passe in trade networks to trusty within and external communications and give up undesirable rep admission to to resources, reminiscent of printers.

A serious rating and a CVSS v3.1 gain of 9.1 were given to the hiss, tracked as CVE-2023-1707.

Indeed, HP has no longer yet released a fix for the concerned firmware. In step with HP, a brand fresh firmware version that rectifies the hiss must be available in 90 days.

Critically, the thought disclosure flaw in this condition would possibly perhaps well also give an attacker rep admission to to sensitive files sent between the affected HP printers and other networked units.

Affected Merchandise

• HP Coloration LaserJet Endeavor M455
• HP Coloration LaserJet Endeavor MFP M480
• HP Coloration LaserJet Managed E45028
• HP Coloration LaserJet Managed MFP E47528
• HP Coloration LaserJet Managed MFP E785dn, HP Coloration LaserJet Managed MFP E78523, E78528
• HP Coloration LaserJet Managed MFP E786, HP Coloration LaserJet Managed Poke MFP E786, HP Coloration LaserJet Managed MFP E78625/30/35, HP Coloration LaserJet Managed Poke MFP E78625/30/35
• HP Coloration LaserJet Managed MFP E877, E87740/50/60/70, HP Coloration LaserJet Managed Poke E87740/50/60/70
• HP LaserJet Endeavor M406
• HP LaserJet Endeavor M407
• HP LaserJet Endeavor MFP M430
• HP LaserJet Endeavor MFP M431
• HP LaserJet Managed E40040
• HP LaserJet Managed MFP E42540
• HP LaserJet Managed MFP E730, HP LaserJet Managed MFP E73025, E73030
• HP LaserJet Managed MFP E731, HP LaserJet Managed Poke MFP M731, HP LaserJet Managed MFP E73130/35/40, HP LaserJet Managed Poke MFP E73130/35/40
• HP LaserJet Managed MFP E826dn, HP LaserJet Managed Poke MFP E826z, HP LaserJet Managed E82650/60/70, HP LaserJet Managed E82650/60/70

“HP recommends without delay reverting to a prior version of the firmware (FutureSmart version 5.5.0.3). Updated firmware to take care of the hiss is anticipated within 90 days”.

Users are instructed to rep the firmware kit from HP’s first rate rep portal, the establish apart they are able to resolve their printer model and rep the mandatory software program.

Connected Read:

• HP Expands It’s Computer virus Bounty Program Covers Flaws in Printers
• Numerous Principal RCE Bugs In HP Make stronger Assistant Repeat Windows PCs To Some distance flung Assaults
• High Challenges Confronted by CISOs in Securing APIs