Warning – Remote code execution vulnerability in HP Print and Digital Sending Products

Published: 25/03/2022

Reference:
Advisory #2022-007

Version:
1.0

Affected software:
HP Deskjet, OfficeJet Printers
HP Enterprise Printers
HP Large Format Printers
HP LaserJet Pro Printers
HP PageWide Pro Printers

Type:
Remote Code Execution

CVE/CVSS:
CVE-2022-3942
CVSS score 8.4

Sources

HP: https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780

Trend Micro ZDI: https://www.zerodayinitiative.com/advisories/ZDI-22-532/

Risks

Unpatched HP products listed on the HP support website remain vulnerable to a remote code execution and buffer overflow vulnerability that can be exploited without authentication.

Description

Two months after the vulnerability was disclosed to HP by Trend Micro’s Zero Day Initiative, HP has released updates for a range of HP products affected by CVE-2022-3942.

According to the vulnerability details provided by ZDI, exploitation does not require authentication, only access to the network on which the affected products are located. The vulnerability is due to a flaw in the affected products' implementation of the Link-Local Multicast Name Resolution (LLMNR) protocol and leads to code execution in the context of root.

Organisations that use HP products in their networks will need to verify whether the models used are listed on HP’s support page and take action accordingly.

Recommended Actions

If patching cannot be performed, or a patch has not been made available for an affected product, HP recommends disabling LLMNR on the affected product.

Additionally, we recommend separating network printing devices from any user and/or server networks into their own network, a so-called printing subnet/VLAN.
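One way to confirm that LLMNR is really off after disabling it on a printer is sketched below; this is an added example, not part of the original advisory or HP's guidance. It multicasts a single standard LLMNR name query (RFC 4795) for the printer's own hostname and lists any device that still answers; the hostname given on the command line and the function names are assumptions for illustration.

```python
import secrets
import socket
import struct
import time

# RFC 4795: IPv4 link-scope multicast group and UDP port used by LLMNR
LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355

def build_query(name, txid):
    """Build an LLMNR A-record query: DNS-style 12-byte header, flags all zero."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)  # ID, flags, QD=1, AN/NS/AR=0
    labels = name.strip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def is_response_to(data, txid):
    """True if data is an LLMNR response (QR bit set) carrying our transaction ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!2H", data[:4])
    return rid == txid and bool(flags & 0x8000)

def llmnr_responders(name, timeout=2.0):
    """Multicast one query for `name` on the local link; return the IPs that answered."""
    txid = secrets.randbits(16)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)  # stay on-link
    responders, deadline = set(), time.monotonic() + timeout
    try:
        sock.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        while (remaining := deadline - time.monotonic()) > 0:
            sock.settimeout(remaining)
            try:
                data, (addr, _port) = sock.recvfrom(4096)
            except socket.timeout:
                break
            if is_response_to(data, txid):
                responders.add(addr)
    finally:
        sock.close()
    return responders

if __name__ == "__main__":
    import sys
    # Usage: python3 check_llmnr.py <printer-hostname>  (hostname is site-specific)
    hosts = llmnr_responders(sys.argv[1])
    print("still answering LLMNR:" if hosts else "no LLMNR answer", *sorted(hosts))
```

LLMNR is link-local, so the check has to run from a host on the same subnet/VLAN as the printer, and a device only answers for its own configured hostname.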

References

BleepingComputer: https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printer-models-vulnerable-to-remote-code-execution/