CVE-2017-2750 in HP Enterprise-Grade Printers Fixed

CVE-2017-2750 in HP Enterprise-Grade Printers Fixed

New day, new vulnerability. HP has just released firmware patches to address a security bug disclosed by FoxGlove researchers, which enabled hackers to carry out remote code execution attacks on enterprise-grade printers. The flaw in question has been identified as CVE-2017-2750. It was reported to HP in August and has been rated 8.1 on the CVSS scale.

Related Story: Critical CVE-2017-8759 Used in Nation-State Attacks Against Russians

CVE-2017-2750 Leads to Remote Code Execution

To locate CVE-2017-2750, the researchers tested out HP’s Page Wide Enterprise MFP 586 and the HP Color LaserJet Enterprise M553 models. Both models turned out vulnerable. The researchers were able to reverse engineer the “.BDL” (bundle) extension files located in HP firmware.

Once this code was reverse engineered, the experts crafted and uploaded hatched firmware files. This is how they discovered where signature validation was happening so that the protections were bypassed successfully.

What happened next is that the researchers were able to design malware to exploit the printers’ security weaknesses and carried out remote code execution attacks.

HP has issued a security advisory where the vulnerability has been summarized as “Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code”.

Affected printers include: HP Color LaserJet Enterprise M651, HP Color LaserJet Enterprise M652, HP Color LaserJet Managed E65060, HP LaserJet Enterprise 800 color MFP M880, and many more.

A firmware update is already available, and it can be downloaded manually from HP via the firmware search tool.

Earlier this year, security researchers from security firm Modzero came across a built-in keylogger in an HP audio driver while examining Windows Active Domain infrastructure.

Related Story: Researchers Find Built-In Keylogger in HP Audio Driver

Security reviews of modern Windows Active Domain infrastructures are – from our point of view – quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation,” the researchers said.

The keylogger has apparently been present on HP computers since Christmas 2015 or even earlier.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys ‘Mr. Robot’ and fears ‘1984’.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...