How To Fix Multiple Critical Vulnerabilities In HP LaserJet Pro Printer Modules

HP has addressed four vulnerabilities of which two are high and two are medium severity. Attackers can abuse these vulnerabilities to perform information disclosure, remote code execution, buffer overflow, and denial of service vulnerabilities. It’s important to fix these vulnerabilities to protect your products against potential attacks. Let’s see How to Fix Multiple Critical Vulnerabilities in HP LaserJet Pro Printer Modules.

List Of Multiple Critical Vulnerabilities In HP LaserJet Pro Printer Modules

Summary Of These Vulnerabilities

There are four vulnerabilities addressed two of which are high and the remaining two are medium in severity. Here is a summary of vulnerabilities in the HP LaserJet Pro Printer.

Summary Of CVE-2022-24291

CVE-2022-24291 vulnerability enables remote hackers to create a denial-of-service condition on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the ScanJobs API. A memory corruption condition can be caused by crafted data in a request. 

Summary Of CVE-2022-24292

CVE-2022-24292 vulnerability enables remote hackers to disclose sensitive information on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the PostScript interpreter. A read past the end of an allocated data structure can be triggered due to crafter data.

Summary Of CVE-2022-24293

CVE-2022-24293 vulnerability enables remote hackers to execute arbitrary code on infected installations of HP LaserJet Pro MFP M283fdw printers. The existing authentication method can be bypassed, as authentication is required to exploit this vulnerability. This flaw exists within the address book feature. The problem results from the lack of proper validation of the user-supplied data length before copying it to a fixed-length stack-based buffer. 

Summary Of CVE-2022-3942

CVE-2022-3942 vulnerability enables network-adjacent attackers to execute arbitrary code on infected installations of HP LaserJet Pro MFP M283fdw printers. There is no need for authentication to exploit this vulnerability. This flaw exists within the LLMNR protocol implementation. The problem results from the lack of proper validation of the user-supplied data length before copying it to a fixed-length stack-based buffer. 

List HP LaserJet Pro Printer Modules Affected By These Vulnerabilities

Please find the products affected by these vulnerabilities and the firmware version that resolves the vulnerabilities. Please don’t forget to see the updated list here.

We urge you to carefully go through the table and list out the vulnerabilities identified in your modules and upgrade the firmware to the resolved version or the latest available for download.

Caution: We always recommend reading the product guide or contacting the vendor support team before upgrading firmware. A wrong firmware upgrade may either break your device or lead to permanent damage.

HP LASERJET PRO PRINTERS:

HP PAGEWIDE PRO PRINTERS:

HP PAGEWIDE PRO PRINTERS:

How To Fix These Vulnerabilities In HP LaserJet Pro Printer Modules?

HP offers periodic firmware updates for printers to address known issues and add new features. You must update the firmware on your printer to get all the latest updates.

There could be different ways to upgrade the firmware. Firmware upgradation using the printer control panel is the direct way to upgrade the firmware on the device itself which doesn’t require a computer to have. The second method is to upgrade the firmware using the printer update utility. This is the best way to go when you have multiple printers to upgrade the firmware. It is best for small to large size corporate networks. You can learn about upgrading firmware from here. Let’s see both methods below.

Here are two supported methods to update firmware on your printer.

Method 1: Update The Firmware Via The Printer Control Panel

Use this method to update the firmware via the printer control panel and to set the printer to update the firmware with the availability of new updates automatically. However, the process varies based on the type of control panel the device has. The control panel can be any one of the following types. This method works well for homes or small businesses which will have hand countable number of printers. Watch this video to learn how to upgrade the firmware using this way.

Created by HP

Created by HP

Method 2: How To Update The HP LaserJet Pro Firmware Using HP Printer Update Utility?

Use this method to download and install the HP Printer Update Utility manually. This method is good for any small to large businesses which will have hundreds of printers in their facility.

Step 1. Prepare for the Update

1. Print the printer status page or network setting page to check the current firmware version.* Press OK to display the Home screen on the printer control panel.* Use Arrow buttons to navigate to Setup and press OK.* Open the Reports menu.* Choose either Printer Network Configuration Report to print the Network settings page or select Printer status report.* Note installed firmware version.

Step 2. Download the firmware file

* to HP Support and click Software and Drivers and then Printer.* Type the printer name in the search field and select Submit.* Locate the Firmware Update in the Firmware section.* Click Download and save the file to the system.

Step 3. Update the firmware

Follow these steps to update the firmware on Windows.
1. Navigate to the location where the .exe file is located.2. Double-click the file to initiate the upgrade process. 3. Wait for the utility to detect printers connected to the PC via network or USB.4. Select the printers for which the firmware update is required and select Update.5. Wait for the printer to reboot to a Ready state after completing the download. It will reboot automatically.6. Print a Printer Network Configuration Report to verify that the printer firmware update was successful, and then click the firmware version.7. Click the OK button to close the utility.
Click here for more information.

We hope this post would help you know How to Fix Multiple Critical Vulnerabilities in HP LaserJet Pro Printer Modules. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this. 

You may also like these articles: