FREE SHIPPING on printer ink cartridges & toner orders of $50+

HP to Patch Critical Printer Bug Within 90 Days

by William Elward

HP has announced that it will take up to 90 days to patch a critical-severity vulnerability that affects the firmware of certain business-grade printers [1]. The security issue, tracked as CVE-2023-1707, affects about 50 HP Enterprise LaserJet and HP LaserJet Managed Printers models, and has a severity score of 9.1 out of 10 using the CVSS v3.1 standard[1]. Exploiting the vulnerability could potentially lead to information disclosure[1]. While there is no evidence of active exploitation, users are recommended to source the firmware package from HP's official download portal and update their software[1].

This is not the first time HP has had to patch a severe vulnerability in its printers. In 2021, HP patched a vulnerability that had been hidden in a printer driver for 16 years [3]. The vulnerability, tracked as CVE-2021-3438, was described as a "potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege[3]. Some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005[3]. SentinelLabs researcher Kasif Dekel reported the vulnerability to HP on February 18, and the vendor issued a patch to resolve the security flaw on May 19[3].

To prevent vulnerabilities in HP printers, users can disable unused network protocols and features using the printer's Embedded Web Server (EWS[2]. HP provides instructions on how to access the EWS for HP Color LaserJet Pro printers on its support website[2]. The steps to access the printer settings in the EWS will vary depending on the firmware installed on the printer[2]. Users can disable network settings in the EWS by obtaining the printer's IP address on the printer control panel and following the steps provided by HP[2].
SOURCES
bleepingcomputer
1. HP to patch critical bug in LaserJet printers within 90 days
2 days ago · By. Bill Toulas. April 4, 2023. 06:46 PM. 0. HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of ...
hp
2. HP Color LaserJet Pro - Disable unused network protocols and ...
Learn how to disable unused network protocols and features using the printer's Embedded Web Server (EWS). This document provides instructions on how to access the EWS for HP Color LaserJet Pro printers. The steps to access the printer settings in the EWS will vary depending on the firmware installed on your printer.
zdnet
3. HP patches vulnerable driver lurking in printers for 16 years
Jul 20, 2021 · The vendor has provided a patch and is asking customers to update their software. To do so, customers can visit the HP software portal , select their printer model, and apply the update.

About William Elward

Founder of Castle Ink, William Elward has 20 years experience in the printer industry. He's been featured on CNN Money, Yahoo, PC World, Computer World, and other top publications and frequently blogs about printers and ink cartridges. He's an expert at diagnosing printer issues and has published guides to fixing common printer issues across the internet. A graduate of Bryant University and Columbia's Sulzberger Executive Leadership Program, he's held various leadership positions at The College Board, Bankrate, Zocdoc, and Everyday Health. Follow him on Twitter at William Elward's Twitter Profile

Back to Printer Support