Printing Shellz is the name of a new set of security vulnerabilities that affect 150 different HP multifunction printers (MFPs). The flaws could be leveraged to takeover exposed devices, steal sensitive information, and sneak into enterprise networks to lay the grounds for more attacks.
CVE-2021-39237 and CVE-2021-39238
The vulnerabilities are known as CVE-2021-39237 and CVE-2021-39238.
CVE-2021-39237 has been given a CVSS score of 7.1, and has been described as an information disclosure issue that exposes specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
CVE-2021-39238 has been given a CVSS score of 9.3), and has been described as a buffer overflow flaw that impacts HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed printers.
Fortunately, HP was quick enough to address the flaws, and patches are already available, which were originally discovered by F-Secure’s Alexander Bolshev and Timo Hirvonen.
About the Printing Shellz Exploit
According to the report, “the exploit starts a SOCKS proxy on the MFP, allowing the attacker to move laterally through the network infrastructure.” An alternative attack vector is simply printing a maliciously crafted document.
The two researchers released a detailed video that showcases how the exploit works.
Previous Printer-Related Vulnerabilities
In July 2021, a highly severe privilege escalation vulnerability in HP printer drivers, also used by Samsung and Xerox, was disclosed.
The vulnerability, known as CVE-2021-3438 identifier, affected hundreds of millions of Windows machines. The issue had been present for at least 16 years, before its discovery this year, attributed to SentinelOne researchers.
Again in July, the infamous Windows Print Spooler Vulnerability was uncovered. It is noteworthy that the PoC code was shared on GitHub, and taken down within a few hours. However, these few hours were enough for the code to be copied.
The flaw is also known as PrintNightmare, existing in the Windows Print Spooler. It was initially addressed in June 2021 Patch Tuesday as an insignificant elevation-of-privilege issue.
However, security researchers from Tencent and NSFOCUS TIANJI Lab discovered that the CVE-2021-1675 bug could be deployed for RCE attacks, automatically changing its status to critical.