HP would take up to 90 days to fix a critical bug in some business-grade printers

HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers.

HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 score 9.1), that affects tens of HP Enterprise LaserJet and HP LaserJet Managed Printers models. The exploitation of the flaw can potentially lead to information disclosure and the IT giant announced that it would take up to 90 days to address the vulnerability. An attack can trigger the bug to access data transmitted between the vulnerable HP printer and other systems on the same network segment.

The company pointed out that the information disclosure can be achieved only by exploiting the flaw on vulnerable devices running FutureSmart firmware version 5.6 and having IPsec enabled.

“Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.” reads the bulletin published by the company.

The vendor has released temporary firmware mitigation for customers currently running FutureSmart 5.6 with IPsec enabled on their printers. The company recommends customers immediately revert to a prior firmware version (FutureSmart version 5.5.0.3).

HP told BleepingComputer that it is not aware of any active exploits, the company pointed out that the exposure period to this potential vulnerability was limited to mid-February 2023 until the end of March 2023)

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

The Teacher – Most Educational Blog
The Entertainer – Most Entertaining Blog
The Tech Whizz – Best Technical Blog
Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, printers)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.