New day, new vulnerability. HP has just released firmware patches to address a security bug disclosed by FoxGlove researchers, which enabled hackers to carry out remote code execution attacks on enterprise-grade printers. The flaw in question has been identified as CVE-2017-2750. It was reported to HP in August and has been rated 8.1 on the CVSS scale.
CVE-2017-2750 Leads to Remote Code Execution
To locate CVE-2017-2750, the researchers tested out HP’s Page Wide Enterprise MFP 586 and the HP Color LaserJet Enterprise M553 models. Both models turned out vulnerable. The researchers were able to reverse engineer the “.BDL” (bundle) extension files located in HP firmware.
Once this code was reverse engineered, the experts crafted and uploaded hatched firmware files. This is how they discovered where signature validation was happening so that the protections were bypassed successfully.
What happened next is that the researchers were able to design malware to exploit the printers’ security weaknesses and carried out remote code execution attacks.
HP has issued a security advisory where the vulnerability has been summarized as “Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code”.
Affected printers include: HP Color LaserJet Enterprise M651, HP Color LaserJet Enterprise M652, HP Color LaserJet Managed E65060, HP LaserJet Enterprise 800 color MFP M880, and many more.
A firmware update is already available, and it can be downloaded manually from HP via the firmware search tool.
Earlier this year, security researchers from security firm Modzero came across a built-in keylogger in an HP audio driver while examining Windows Active Domain infrastructure.
“Security reviews of modern Windows Active Domain infrastructures are – from our point of view – quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation,” the researchers said.
The keylogger has apparently been present on HP computers since Christmas 2015 or even earlier.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: