Warning – Remote code execution vulnerability in HP Print and Digital Sending Products
CVE-2022-3942
CVSS score 8.4
Sources
HP: https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Trend Micro ZDI: https://www.zerodayinitiative.com/advisories/ZDI-22-532/
Risks
Unpatched HP products listed on the HP support website remain vulnerable to a remote code execution and buffer overflow vulnerability that can be exploited without authentication.
Description
Two months after the vulnerability was disclosed to HP by Trend Micro’s Zero Day Initiative, HP has released updates for a range of HP products affected by CVE-2022-3942.
According to the vulnerability details provided by ZDI, exploitation does not require authentication, only access to the network on which the affected products are located. The cause is a flaw in the affected products’ implementation of the Link-Local Multicast Name Resolution (LLMNR) protocol, which leads to code execution in the context of root.
Organisations that use HP products in their networks need to verify whether their models are listed on HP’s support page and take action accordingly.
Recommended actions
If patching cannot be performed due to circumstances, or a patch has not been made available for an affected product, HP recommends disabling LLMNR on the affected product.
Additionally, we recommend separating network printing devices from any user and/or server networks into their own network, a so-called printing subnet/VLAN.
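One way to verify that LLMNR has actually been disabled on printers is to check a packet capture for LLMNR messages (UDP port 5355) that originate from the printing subnet. The following is an added example, not code from HP, ZDI or this advisory; the subnet, the addresses, the sample packets and the function names are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: printers sit in this subnet (constructed, RFC 5737 documentation range).
PRINTER_NET = ipaddress.ip_network("192.0.2.0/24")

def parse_llmnr(payload):
    """Parse the header and question name of an LLMNR (RFC 4795) message.
    Returns None for malformed input instead of reading past the buffer."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    labels, pos = [], 12
    while qdcount:
        if pos >= len(payload):
            return None                      # name runs off the end
        length = payload[pos]
        pos += 1
        if length == 0:
            break                            # root label ends the name
        if length > 63 or pos + length > len(payload):
            return None                      # oversized or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return {"kind": "response" if flags & 0x8000 else "query",
            "name": ".".join(labels)}

def printers_with_llmnr(packets):
    """Map each printer IP that sent a well-formed LLMNR message to the kinds seen."""
    active = {}
    for src, payload in packets:
        msg = parse_llmnr(payload)
        if msg and ipaddress.ip_address(src) in PRINTER_NET:
            active.setdefault(src, []).append(msg["kind"])
    return active

def build_msg(flags, name):
    """Build a constructed LLMNR message: header plus one question (type A, class IN)."""
    qname = b"".join(bytes([len(l)]) + l for l in name.encode().split(b".")) + b"\x00"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

# Constructed sample: (source IP, UDP/5355 payload) pairs as exported from a capture.
SAMPLE = [
    ("192.0.2.10", build_msg(0x8000, "printer1")),    # printer still answering LLMNR
    ("198.51.100.5", build_msg(0x0000, "printer1")),  # workstation query, not a printer
    ("192.0.2.11", b"\x00\x01"),                      # truncated datagram, ignored
]
```

Any address returned by `printers_with_llmnr` is a device in the printing subnet that still speaks LLMNR and should be rechecked against the mitigation.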
References
BleepingComputer: https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printer-models-vulnerable-to-remote-code-execution/