RCE Vulnerability in multiple HP Enterprise Laser Jet Products
CVE-2023-1329
CVSS 9.8
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849
Risks
Information about a critical vulnerability has been published affecting certain HP multifunction printers, including Enterprise models. The vulnerability can lead to a Buffer Overflow and/or Remote Code Execution (RCE).
Description
Vulnerability CVE-2023-1329 has a CVSS3 score of 9.8 and has a high impact in the confidentiality, integrity and availability of the systems. There is no proof-of-concept (POC) or signs of active exploitation at the time of writing.
The vendor's advisory includes an extensive list of all the affected products and firmware versions.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:
- Follow the vendor's guide and apply the necessary firmware updates after thorough testing.
- Implement additional security measures to limit the likelihood that the printers can be compromised. At a minimum, make sure the printers are not exposed publicly.