Highly Critical CVE-2018-5924 in HP Printers, Update Firmware Now!

Highly Critical CVE-2018-5924 in HP Printers, Update Firmware Now!

A couple of new critical security flaws were found in HP printers.

CVE-2018-5924, CVE-2018-5925 in HP Printers

One of the vulnerabilities resides in the firmware of certain HP printers, and it has been classified as very critical. This vulnerability is known as CVE-2018-5924 and affects an unknown function. What is known is that the manipulation with an unknown input leads to a memory corruption flaw. The second vulnerability, CVE-2018-5925, appears to be related to the first one.






How can an attack take place?
As explained by HP, “a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution”.

Fortunately, HP has already provided firmware updates for the affected products, such as Pagewide Pro, DesignJet, OfficeJet, DeskJet and Envy printers.

To obtain the updated firmware, users are urged to go to the HP Software and Drivers page for the particular product, find the firmware update from the list of available software, and follow the instructions.

Just last week, HP announced it will be inviting white hat hackers to test its printers for bugs that hackers could exploit for malicious purposes. The one-of-a-king bug bounty program is launched in partnership with bug bounty platform Bugcrowd.

Related Story: One-of-a-Kind HP Printer Bug Bounty to Improve Network Security

According to a 2018 report by Bugcrowd, endpoint devices are increasingly targeted by malicious actors, with a 21 percent increase in total endpoint bugs reported in the last year. Thus, HP decided to launch a printer-only vulnerability disclosure program encouraging researchers to discover and report bugs.

Depending on the scale of the vulnerability, bug bounties will vary between $500 and $10,000.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...