This week, HP released a security bulletin regarding a critical-severity vulnerability affecting the firmware of some business-grade printers. The vulnerability, tracked as CVE-2023-1707, impacts approximately 50 models of HP Enterprise LaserJet and HP LaserJet Managed Printers.
CVE-2023-1707: HP Printer Vulnerability
With a CVSS v3.1 severity score of 9.1 out of 10, the CVE-2023-1707 HP printer vulnerability has the potential to cause information disclosure. However, exploiting it is not an easy task, as vulnerable devices must have IPsec enabled and be running FutureSmart firmware version 5.6.
IPsec (Internet Protocol Security) is a security protocol used in corporate networks to protect data and prevent unauthorized access. FutureSmart is a platform that enables users to configure printers both from the device’s control panel and remotely through a web browser. If successfully exploited, the vulnerability could allow an attacker to access sensitive information exchanged between the vulnerable HP printers and other devices on the network. HP estimates that it will take up to 90 days to patch the issue.
These are the HP printer models impacted by CVE-2023-1707:
HP Color LaserJet Enterprise M455, HP Color LaserJet Enterprise MFP M480, HP Color LaserJet Managed E45028, HP Color LaserJet Managed MFP E47528, HP Color LaserJet Managed MFP E785dn, HP Color LaserJet Managed MFP E78523, E78528, HP Color LaserJet Managed MFP E786, HP Color LaserJet Managed Flow MFP E786, HP Color LaserJet Managed MFP E78625/30/35, HP Color LaserJet Managed Flow MFP E78625/30/35, HP Color LaserJet Managed MFP E877, E87740/50/60/70, HP Color LaserJet Managed Flow E87740/50/60/70, HP LaserJet Enterprise M406, HP LaserJet Enterprise M407, HP LaserJet Enterprise MFP M430, HP LaserJet Enterprise MFP M431, HP LaserJet Managed E40040, HP LaserJet Managed MFP E42540, HP LaserJet Managed MFP E730, HP LaserJet Managed MFP E73025, E73030
HP advises users to immediately switch back to the earlier version of the firmware (FutureSmart version 5.5.0.3). A new firmware update to address this issue is expected in the next 90 days. To get the software package, users must go to HP’s official download portal, choose the correct printer model, and download the relevant software.
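The two conditions described above (FutureSmart 5.6 firmware and IPsec enabled) can be checked across a printer fleet with a short triage script. This is an added example, not code from HP or from the original article; the CSV layout, hostnames, the dotted firmware string format and the prefix matching of model families are assumptions.

```python
import csv
import io
import re

# Model families taken from the article's list. Prefix matching is an assumption
# (e.g. "E786" is meant to cover E78625/30/35) and may over-match.
AFFECTED_FAMILIES = ("M455", "M480", "E45028", "E47528", "E785", "E786", "E877",
                     "M406", "M407", "M430", "M431", "E40040", "E42540", "E730")

# Constructed sample inventory; column names and hostnames are hypothetical.
SAMPLE_INVENTORY = """hostname,model,firmware,ipsec
prn-01,HP Color LaserJet Enterprise M455,5.6,enabled
prn-02,HP LaserJet Enterprise M406,5.6,disabled
prn-03,HP LaserJet Managed MFP E73030,5.5.0.3,enabled
prn-04,HP Color LaserJet Managed MFP E78625,5.6,
prn-05,Example Printer X100,5.6,enabled
"""

def model_is_listed(model):
    # Pull model tokens such as "M455" or "E78625" out of the product name.
    tokens = re.findall(r"\b[EM]\d{3,5}[a-z]*\b", model)
    return any(t.startswith(AFFECTED_FAMILIES) for t in tokens)

def firmware_is_5_6(version):
    # Assumes the inventory records the FutureSmart version as a dotted string.
    return version.strip().split(".")[:2] == ["5", "6"]

def classify(row):
    if not (model_is_listed(row["model"]) and firmware_is_5_6(row["firmware"])):
        return "not-affected"
    ipsec = (row.get("ipsec") or "").strip().lower()
    if ipsec == "enabled":
        return "exposed"   # both conditions met: roll back to 5.5.0.3
    if ipsec == "disabled":
        return "latent"    # on 5.6; becomes exposed if IPsec is turned on
    return "verify"        # IPsec state not recorded: check the device

def triage(csv_text):
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "latent" or "verify" are worth tracking until the fixed firmware is available, since enabling IPsec on them would meet both conditions.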