Hewlett Packard has disclosed two serious flaws in the firmware of several corporate printer models. If exploited, these flaws would allow remote adversaries to execute malicious code on the vulnerable printer models.

The first flaw (CVE-2022-28721), assessed as serious in severity with a CVSS score of 9.8, is a buffer overflow caused by insufficient bounds validation that might enable remote execution of malicious scripts on more than 60 printer models.

More than 60 different printer models, including HP inkjet printers, HP LaserJet Pro printers, and HP PageWide Pro printers, are impacted by the security vulnerability. Using the CVE-2022-28721 bug, an attacker might send a specially crafted request to the system to overrun a buffer and execute malicious code.

The second vulnerability, designated CVE-2022-28722, is likewise a buffer overflow, with a CVSS severity rating of 7.1. It enables a local intruder to overrun a buffer and run malicious scripts on the system.

HP has provided firmware updates for potentially affected products listed in the table below. To obtain the updated firmware, go to HP Software and Driver Downloads and search for your printer model.

The post "60 different HP printer models of inkjet, LaserJet Pro, and PageWide Pro printers allow threat actors to take control of network remotely. Patch these two flaws" appeared first on Information Security Newspaper | Hacking News.

