
There's no known case of the vulnerability being exploited in the wild.

FutureSmart is HP's proprietary firmware that runs on the company's most powerful business-grade printers and helps system admins manage and maintain various features across a company's enterprise printer fleet. The company also explained that affected devices could theoretically expose scan job data sent from the printer. In a statement to Bleeping Computer, HP said that the exposure period for the vulnerability was between mid-February and the end of March 2023, and only affected select models running FutureSmart version 5. The full list of the affected printers can be found on HP's support page. This involves downgrading to a prior version of the firmware (FutureSmart version 5.5.0.3) until the patch is deployed. Until the security patch is rolled out, HP is suggesting a temporary workaround for the affected devices.

Fortunately, the problem only affects a small number of printers that run FutureSmart firmware version 5.6 and have IPsec enabled. The issue, which the company says renders the compromised machines vulnerable to "information disclosure," is tracked as CVE-2023-1707 and has a severity score of 9.1 out of 10 (CVSS v3.1).

According to HP, a patch is in the works, and it will be rolled out within 90 days to all its Enterprise LaserJet and LaserJet Managed Printers impacted by the vulnerability. HP has announced a definitive time frame to roll out security updates to fix a critical vulnerability that affects many of its printers. In the meantime, HP is suggesting that users downgrade the firmware version of the affected models as a temporary workaround to mitigate the issue. The company is aware of the problem and is working on an update that will be rolled out later this year.

In a nutshell: Dozens of HP printers are vulnerable to a security issue that could potentially allow attackers to access sensitive information.
