HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS score 8.4), that could lead to remote code execution on vulnerable devices.
“Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.” concludes the advisory.
HP already addressed the flaw with the release of firmware security updates for the majority of the affected devices. HP also published mitigations for this issue, the company suggests disabling LLMNR (Link-Local Multicast Name Resolution).
The IT giant published a separate security bulletin about three vulnerabilities, two rated as critical (CVE-2022-24292 (critical severity score: 9.8), and CVE-2022-24293 (critical severity score: 9.8)) and one as high-severity CVE-2022-24291 (high severity score: 7.5).
“Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.” reads the bulletin published by HP.
The flaws could be exploited for information disclosure, gain remote code execution, and triggered a denial of service condition respectively.
HP has addressed all the above issues with the release of printer firmware for some of the impacted models.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, RCE)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.