RCE Vulnerability in multiple HP Enterprise Laser Jet Products
CVE-2023-1329
CVSS 9.8
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Bronnen
https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849
Risico’s
Information about a critical vulnerability has been published affecting certain HP multifunction printers, including Enterprise models. The vulnerability can lead to a Buffer Overflow and/or Remote Code Execution (RCE).
Beschrijving
Vulnerability CVE-2023-1329 has a CVSS3 score of 9.8 and has a high impact in the confidentiality, integrity and availability of the systems. There is no proof-of-concept (POC) or signs of active exploitation at the time of writing.
The vendor's advisory includes an extensive list of all the affected products and firmware versions.
Aanbevolen acties
The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:
- Follow the vendor's guide and apply the necessary firmware updates after thorough testing.
- Implement additional security measures to limit the likelihood that the printers can be compromised. At a minimum, make sure the printers are not exposed publicly.