HP has addressed four vulnerabilities of which two are high and two are medium severity. Attackers can abuse these vulnerabilities to perform information disclosure, remote code execution, buffer overflow, and denial of service vulnerabilities. It’s important to fix these vulnerabilities to protect your products against potential attacks. Let’s see How to Fix Multiple Critical Vulnerabilities in HP LaserJet Pro Printer Modules.
Table of Contents
List Of Multiple Critical Vulnerabilities In HP LaserJet Pro Printer Modules
- CVE-2022-24291: A Denial-of-Service vulnerability in HP LaserJet Pro Printer Modules.
- CVE-2022-24292: An Information Disclosure vulnerability in HP LaserJet Pro Printer Modules.
- CVE-2022-24293: A Remote Code Execution vulnerability in HP LaserJet Pro Printer Modules.
- CVE-2022-3942: A Potential Remote Code Execution and Buffer Overflow vulnerability HP LaserJet Pro Printer Modules.
Summary Of These Vulnerabilities
There are four vulnerabilities addressed two of which are high and the remaining two are medium in severity. Here is a summary of vulnerabilities in the HP LaserJet Pro Printer.
Summary Of CVE-2022-24291
CVE-2022-24291 vulnerability enables remote hackers to create a denial-of-service condition on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the ScanJobs API. A memory corruption condition can be caused by crafted data in a request.
| CVE ID | CVE-2022-24291 |
| CVSS Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS Score | 6.5 |
| CVSS Rating: | Medium |
| Reported Date | 2022-01-21 |
| Fixed Date | 2022-03-23 |
Summary Of CVE-2022-24292
CVE-2022-24292 vulnerability enables remote hackers to disclose sensitive information on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the PostScript interpreter. A read past the end of an allocated data structure can be triggered due to crafter data.
| CVE ID | CVE-2022-24292 |
| CVSS Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVSS Score | 4.3 |
| CVSS Rating: | Medium |
| Reported Date | 2022-01-21 |
| Fixed Date | 2022-03-23 |
Summary Of CVE-2022-24293
CVE-2022-24293 vulnerability enables remote hackers to execute arbitrary code on infected installations of HP LaserJet Pro MFP M283fdw printers. The existing authentication method can be bypassed, as authentication is required to exploit this vulnerability. This flaw exists within the address book feature. The problem results from the lack of proper validation of the user-supplied data length before copying it to a fixed-length stack-based buffer.
| CVE ID | CVE-2022-24293 |
| CVSS Vector | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVSS Score | 8.0 |
| CVSS Rating: | High |
| Reported Date | 2022-01-21 |
| Fixed Date | 2022-03-23 |
Summary Of CVE-2022-3942
CVE-2022-3942 vulnerability enables network-adjacent attackers to execute arbitrary code on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the LLMNR protocol implementation. The problem results from the lack of proper validation of the user-supplied data length before copying it to a fixed-length stack-based buffer.
| CVE ID | CVE-2022-3942 |
| CVSS Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS Score | 8.8 |
| CVSS Rating: | High |
| Reported Date | 2022-01-21 |
| Fixed Date | 2022-03-23 |
List HP LaserJet Pro Printer Modules Affected By These Vulnerabilities
Please find the products affected by these vulnerabilities and the firmware version that resolves the vulnerabilities. Please don’t forget to see the updated list here.
We urge you to carefully go through the table and list out the vulnerabilities identified in your modules and upgrade the firmware to the resolved version or the latest available for download.
Caution: We always recommend reading the product guide or contacting the vendor support team before upgrading firmware. A wrong firmware upgrade may either break your device or lead to permanent damage.
HP LASERJET PRO PRINTERS:
| Product Name | Product Number | Updated Firmware Version |
| HP Color LaserJet Pro M453 – M454 | W1Y40A, W1Y41A, W1Y46A, W1Y47A, W1Y44A, W1Y45A, W1Y43A | 002_2208A or higher |
| HP Color LaserJet Pro MFP M2XX | Remediation pending | |
| HP Color LaserJet Pro MFP M478, M479 | W1A75A, W1A76A, W1A77A, W1A81A, W1A82A, W1A79A, W1A80A, W1A78A | 002_2208A or higher |
| HP LaserJet Pro M304, M305 | W1A66A, W1A46A, W1A47A, W1A48A | 002_2208A or higher |
| HP LaserJet Pro M404, M405 | W1A51A, W1A53A, W1A56A, W1A63A, W1A52A, 93M22A, W1A58A, W1A59A, W1A60A, W1A57A | 002_2208A or higher |
| HP LaserJet Pro MFP M428, M429 | W1A28A, W1A31A, W1A33A | 002_2208A or higher |
| HP LaserJet Pro MFP M428, M429 F | W1A29A, W1A32A, W1A30A, W1A38A, W1A34A, W1A35A | 002_2208A or higher |
HP PAGEWIDE PRO PRINTERS:
| Product Name | Product Number | Updated Firmware Version |
|---|---|---|
| HP PageWide 352dw Printer | J6U57A | 2205D or higher |
| HP PageWide 377dw Multifunction Printer | J9V80A | 2205D or higher |
| HP PageWide Managed P55250dw Printer series | J6U55A, J6U51B, J6U55B | 2205D or higher |
| HP PageWide Managed P57750dw Multifunction Printer | J9V82A | 2205D or higher |
| HP PageWide Pro 452dn Printer series | D3Q15A | 2205D or higher |
| HP PageWide Pro 452dw Printer series | D3Q16A | 2205D or higher2205D or higher |
| HP PageWide Pro 477dn Multifunction Printer series | D3Q19A | 2205D or higher |
| HP PageWide Pro 477dw Multifunction Printer series | D3Q20A | 2205D or higher |
| HP PageWide Pro 552dw Printer series | D3Q17A | 2205D or higher |
| HP PageWide Pro 577 Multifunction Printer series | D3Q21A, K9Z76A | 2205D or higher |
HP PAGEWIDE PRO PRINTERS:
| Product Name | Product Number | Updated Firmware Version |
|---|---|---|
| HP OfficeJet Pro 8210 Printer series | D9L63A, D9L64A, J3P65A, J3P66A, J3P67A, J3P68A | 001.2210B or higher |
| HP OfficeJet Pro 8216 Printer series | T0G70A | 001.2210B or higher |
| HP OfficeJet Pro 8730 All-in-One Printer | D9L20A, K7S32A | 001.2207C or higher |
| HP OfficeJet Pro 8740 All-in-One Printer series | D9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41A | 001.2207C or higher |
How To Fix These Vulnerabilities In HP LaserJet Pro Printer Modules?
HP offers periodic firmware updates for printers to address known issues and add new features. You must update the firmware on your printer to get all the latest updates.
There could be different ways to upgrade the firmware. Firmware upgradation using the printer control panel is the direct way to upgrade the firmware on the device itself which doesn’t require a computer to have. The second method is to upgrade the firmware using the printer update utility. This is the best way to go when you have multiple printers to upgrade the firmware. It is best for small to large size corporate networks. You can learn about upgrading firmware from here. Let’s see both methods below.
Here are two supported methods to update firmware on your printer.
- Update the firmware via the printer control panel
- Update the firmware via the HP Printer Update Utility
Method 1: Update The Firmware Via The Printer Control Panel
Use this method to update the firmware via the printer control panel and to set the printer to update the firmware with the availability of new updates automatically. However, the process varies based on the type of control panel the device has. The control panel can be any one of the following types. This method works well for homes or small businesses which will have hand countable number of printers. Watch this video to learn how to upgrade the firmware using this way.
Method 2: How To Update The HP LaserJet Pro Firmware Using HP Printer Update Utility?
Use this method to download and install the HP Printer Update Utility manually. This method is good for any small to large businesses which will have hundreds of printers in their facility.
Time needed: 10 minutes.
How To Update The HP LaserJet Pro Firmware Using HP Printer Update Utility?
- Prepare for the Update
1. Print the printer status page or network setting page to check the current firmware version.
* Press OK to display the Home screen on the printer control panel.
* Use Arrow buttons to navigate to Setup and press OK.
* Open the Reports menu.
* Choose either Printer Network Configuration Report to print the Network settings page or select Printer status report.
* Note installed firmware version. - Download the firmware file
* to HP Support and click Software and Drivers and then Printer.
* Type the printer name in the search field and select Submit.
* Locate the Firmware Update in the Firmware section.
* Click Download and save the file to the system. - Update the firmware
Follow these steps to update the firmware on Windows.
1. Navigate to the location where the .exe file is located.
2. Double-click the file to initiate the upgrade process.
3. Wait for the utility to detect printers connected to the PC via network or USB.
4. Select the printers for which the firmware update is required and select Update.
5. Wait for the printer to reboot to a Ready state after completing the download. It will reboot automatically.
6. Print a Printer Network Configuration Report to verify that the printer firmware update was successful, and then click the firmware version.
7. Click the OK button to close the utility.Click here for more information.
We hope this post will help you know How to Fix Multiple Critical Vulnerabilities in HP LaserJet Pro Printer Modules. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270186.html