Unauthorized File Access in HP LaserJets

Just when you thought it was safe to print your documents to your network-ready HP LaserJet, a new vulnerability has been discovered which allows unauthorized file access (configuration files and cached documents) to be remotely accessible on certain HP LaserJets.

This is by no means a new vector of attack; medium to high end printers often cache large or graphics-intensive documents. Yet printers are often seen as write-only media and thus neglected from regular patch cycles. Network printers which are often used to print sensitive documents should only be visible from machines & networks that have a business need (i.e. not the whole organization and certainly not the Internet).

Src: SANS Internet Storm Center

No comments: