The vulnerability (CVE-2017-2750), rated every bit high inwards severity alongside 8.1 CVSS scale, is due to insufficiently validating parts of Dynamic Link Libraries (DLL) that allows for the potential execution of arbitrary code remotely on affected 54 printer models.
The safety flaw affects 54 printer models ranging from HP LaserJet Enterprise, LaserJet Managed, PageWide Enterprise in addition to OfficeJet Enterprise printers.
This remote code execution (RCE) vulnerability was discovered past times researchers at FoxGlove Security when they were analyzing the safety of HP's MFP-586 printer (currently sold for $2,000) in addition to HP LaserJet Enterprise M553 printers (sold for $500).
According to a technical write-up posted past times FoxGlove on Monday, researchers were able to execute code on affected printers past times contrary technology scientific discipline files alongside the ".BDL" extension used inwards both HP Solutions in addition to firmware updates.
"This (.BDL) is a proprietary binary format alongside no publicly available documentation," researchers said. "We decided that contrary technology scientific discipline this file format would live on beneficial, every bit it would allow us to make insight into precisely what firmware updates in addition to software solutions are composed of."Since HP has implemented the signature validation machinery to forestall tampering alongside the system, the researchers failed to upload a malicious firmware to the affected printer.
However, later closed to testing researchers said that "it may live on possible to manipulate the numbers read into int32_2 in addition to int32_3 inwards such a agency that the percentage of the DLL file having its signature verified could live on separated from the actual executable code that would run on the printer."
The researchers were able to bypass digital signature validation machinery for HP software "Solution" parcel in addition to managed to add together a malicious DLL payload in addition to execute arbitrary code.
FoxGlove Security has made the source code of the tools used during its interrogation available on GitHub, along alongside the proof-of-concept (PoC) malware payload that could live on remotely installed on the printers.
The actions performed past times their proof of concept malware are every bit follows:
- It downloads a file from http[://]nationalinsuranceprograms[.]com/blar
- Executes the ascendency specified inwards the file on the printer
- Waits for v seconds
- Repeat
To download the novel firmware update, catch the HP website inwards your spider web browser, in addition to pick out Support from the top of the page in addition to pick out Software & drivers. Now, operate inwards the production parent or model number inwards the search box, thus scroll downwards inwards the search results to firmware in addition to download the necessary files.
