To start December 2021, is the release of a list of vulnerabilities or HP Printers UART Vulnerabilities, when it comes to HP printers. These serious security vulnerabilities including the UART ports, are affecting a number of HP printer models on the market. If these are exploited then there will be bigger issues in your IT network. The vulnerabilities are known as the “Printing Shellz”, these vulnerabilities on the HP printers allows a remote attacker to take control of target systems via HP printers.
HP Printers UART Vulnerabilities
It was F-Secure Labs who discovered the bugs in the HP printers that open your network to being hacked. The printers most affected are the multi-function printer (MFP) which are commonly used in the business sector. These drivers do have serious bugs in its driver software. The fact that these machines have various functionalities from print and fax over e-mail to large-scale integrations makes is a serious problem. These are the problems which very well could occur:
- Data access as these machines are used in numerous ways printing and processing data;
- User authentication opens the way to steal your network passwords;
- The USBs with MFPs can allow for the spreading of Malware on your network;
The font parser library is vulnerable to a memory corruption issue due to improper validation. This can allow your network to be compromised. There are also issues with the print from USB which also makes it more vulnerable to exploits. This from inside the company by accident with malware on the USB drive. The UART is also exposed according to the report.
F-Secure have discovered exposed UART interfaces that provide unlimited access to the shell within the communication board of HP MFPs. One UART interface on the board provides access to the UEFI shell control, the other one to the root Linux shell of the scanner module.
No exploitation of the bugs have as yet been found. Consequently, HP has now deployed the patches with the latest firmware updates. This to close these issues when it comes to those affected HP printers.