Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Time to patch your HP printers

HP have released a security bulletin for certain LaserJet printers. They require firmware updates. It is a directory traversal issue in the web admin interface. The vulnerability leads to unauthorized access to arbitrary files stored on the printer(s). The bulletin SSRT080166 is here. The CVE is CVE-2008-4419. Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come. The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be.Other than patching, disallowing access to the web admin interface is likely the only other mitigation.

Adrien de Beaupré Inc.

I will be teaching next: Enterprise and Cloud | Threat and Vulnerability Assessment - SANS Secure Japan 2022

Adrien de Beaupre

353 Posts
ISC Handler
Feb 6th 2009

Sign Up for Free or Log In to start participating in the conversation!