Warning – Remote code execution vulnerability in HP Print and Digital Sending Products
CVSS score 8.4
Trend Micro ZDI: https://www.zerodayinitiative.com/advisories/ZDI-22-532/
Unpatched HP products mentioned on the HP support website will remain vulnerable to a remote code execution and buffer overflow vulnerability that does not require authentication for it to be exploited.
Two months after the vulnerability was disclosed to HP by Trend Micro’s Zero Day Initiative, HP has released updates for a range of HP products affected by CVE-2022-3942.
According to the vulnerability details provided by ZDI, the vulnerability does not require authentication for it to be exploited, only access to the network on which the affected products are located, due to a flaw in the Link-Local Multicast Name Resolution (LLMNR) protocol implementation by the affected products, leading to code execution in the context of root.Organisations will need to verify that if they use HP products in their networks, whether the models used are listed on HP’s support page and take action accordingly.
In case patching cannot be performed due to circumstances or a patch has not been made available for an affected product, HP recommends to disable the use of LLMNR by the affected product.
Additionally, we also recommend separating network printing devices from any user and/or server networks into their own network. A so-called printing subnet/vlan.