HP Inc. has issued patches that fix security vulnerabilities cyber security provider F-Secure discovered in over 150 of their multifunction printer (MFP) products. According to research published today by F-Secure, attackers can exploit the vulnerabilities to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage.

F-Secure security consultants Timo Hirvonen and Alexander Bolshev discovered exposed physical access port vulnerabilities (CVE-2021-39237) and font parsing vulnerabilities (CVE-2021-39238) in HP’s MFP M725z – part of HP’s FutureSmart line of printers. Security advisories published by HP list over 150 different products affected by the vulnerabilities.

The most effective method would involve tricking a user from a targeted organization into visiting a malicious website, exposing the organization’s vulnerable MFP to what’s known as a cross-site printing attack. The website would, automatically, remotely print a document containing a maliciously-crafted font on the vulnerable MFP, giving the attacker code execution rights on the device.

An attacker with these code execution rights could silently steal any information ran (or cached) through the MFP. This includes not only documents that are printed, scanned, or faxed, but also information like passwords and login credentials that connect the device to the rest of the network. Attackers could also use compromised MFPs as a beachhead to penetrate further into an organization’s network in pursuit of other objectives (such as stealing or changing other data, spreading ransomware, etc.)

While the researchers determined that exploiting the vulnerabilities is difficult enough to prevent many low-skilled attackers from using them, experienced threat actors could make use of them in more targeted operations. 

Furthermore, the researchers discovered the font parsing vulnerabilities are wormable, meaning attackers could create self-propagating malware that automatically compromises affected MFPs and then spreads to other vulnerable units on the same network.

Fore more on this topic, visit www.f-secure.com