Jan 17 2023

EXPLOIT CODE TO HACK LEXMARK PRINTERS AND PHOTOCOPIERS PUBLISHED, USES ZERO DAY VULNERABILITIES

Category: Printer security,Security vulnerabilities,Zero dayDISC @ 10:27 am

The American corporation Lexmark International, Inc. is a privately owned business that specializes in the production of laser printers and other image goods.

The researcher found that the product is susceptible to two vulnerabilities, either of which can be exploited by an adversary to copy file data from a source path to a destination path or to induce the server-side application to make requests to an unintended location. Both of these vulnerabilities are possible due to the fact that the product is vulnerable to both of these vulnerabilities. According to the specialists, the printer has two vulnerabilities that enable an authorized hacker to upload arbitrary files and run code with elevated privileges. Both of these vulnerabilities may be exploited by a malicious user.

He published the code on Github that had a proof-of-concept (PoC) exploit for each of the four vulnerabilities. These vulnerabilities make it possible for an adversary to seize control of a vulnerable device.

According to the findings of the researcher, an attack may be carried out that compromises the device by exploiting all four of its vulnerabilities simultaneously.

The proof-of-concept attack has been successfully tested against a Lexmark MC3224adwe printer using the most recent version of the firmware, CXLBL.081.225; nevertheless, it is claimed to operate successfully against other printers and photocopiers as well.

The security flaw that was discovered in Lexmark’s printer devices has not been fixed.

Tags: LEXMARK PRINTERS


Feb 22 2022

How much can you trust your printer?

Category: Printer securityDISC @ 9:33 am
Which assets can be made accessible by printer vulnerabilities?

Business-class printers are often running a variant of Linux, which means they have many of the same vulnerabilities that you would find on any network attached Linux server. Many zero-day exploits that have been found in the Linux kernel could be found in these printers if they are left unpatched.

So, what is the primary motivation of attackers? It is usually to gain remote access behind the corporate firewall. Cybercriminals often use network-attached devices to discover more about the other devices connected to the network. If a device can be used to scan the network, it might be possible to find other vulnerable devices on the network. It may even be possible for the attacker to use the printer to mount the attacks on other network-attached devices. In this way, a printer becomes a staging area for malicious actors to attack and compromise other, more critical platforms within a corporate network.

That said, for some companies, the printer itself can be the target. Many business class printers have hard drives that are used to save jobs, templates and other necessary information needed for its use by the customer. This means that an immense amount of sensitive and confidential data is being stored on the printer. Extraction of this valuable, locally stored data on the printer is sometimes an attacker’s goal.

What can organizations do to make their printers secure?

First off, good “firmware hygiene” is essential. Multi-function network-attached printers are surprisingly sophisticated systems, and as a result have highly sophisticated embedded operating systems. Most of these printers have a webserver for providing device status and allowing configuration updates along with printer firmware updates. These devices are also expected to support a lot of different network protocols, such as SNTP, SNMP and the related printer-specific protocols.

As you might expect: the more complex the firmware in a device is, the more potential security vulnerabilities it may have. Printer OEMs are aware of the attack surface their products present, and they strive to maintain the highest grade of security within their embedded software. A policy for applying standard vendor-authentic updates and patches should be followed. Also, intrusion-detection software should be operational within a corporate LAN. This allows for monitoring of any non-standard, potentially malicious traffic – not just from the user’s personal devices, but from any network-attached appliance.

Printer Security The Ultimate Step-By-Step Guide

Tags: Printer security


Dec 06 2021

Hackers are sending receipts with anti-work messages to businesses’ printers

Category: Printer securityDISC @ 10:08 am

Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay.

Multiple employees are sharing on Twitter and Reddit the images of anti-work messages sent to the printers of their organizations. The messages encourage workers to protect their rights and discuss their pay with coworkers and demand better pay.

“The posts were made on the r/Antiwork subreddit which describes itself as a community ‘for those who want to end work, are curious about ending work, want to get the most out of a work-free life, want more information on anti-work ideas

https://twitter.com/Mage_Bit/status/1463852669748097031?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1463852669748097031%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125309%2Fhacktivism%2Fanti-work-messages-businesses-printers.html

“ARE YOU BEING UNDERPAID? You have a protected LEGAL RIGHT to discuss your pay with your coworkers. […] POVERTY WAGES only exist because people are ‘willing’ to work for them.” reads the message.

“How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” reads one of the receipts.

The printed receipt encouraged employees to form unions because ‘Unions’ are the only organizations that could “easily align everyone’s goals.”

Tags: anti-work messages


Nov 30 2021

Critical Printing Shellz flaws impact 150 HP multifunction printer models

Category: Printer securityDISC @ 10:34 am

Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked as Printing Shellz, that impact approximately 150 multifunction printer models.

The vulnerabilities can be exploited by attackers to take control of vulnerable devices and steal sensitive information, from enterprise networks. The issues date back to 2013 and HP fixed them ([1], [2]) in November. The company acknowledged F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev for reporting the vulnerabilities on April 29, 2021.

The two vulnerabilities are:

  • CVE-2021-39237 (CVSS score: 7.1) – An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
  • CVE-2021-39238 (CVSS score: 9.3) – A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

We found multiple exploitable bugs in a HP multi-function printer (MFP). The flaws are in the unit’s communications board and font parser.” reads the FAQs published by F-Secure researchers. “An attacker can exploit them to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely. A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization.

Below are the attack scenarios detailed by the researchers:

  • Printing from USB drives. This is what we used during the research. In the modern firmware versions, printing from USB is disabled by default.
  • Social engineering a user into printing a malicious document. It may be possible to embed an exploit for the font-parsing vulnerabilities in a PDF. The opportunities for social engineering are endless: HR printing a CV before a job interview, a receptionist printing a boarding pass, etc.
  • Printing by connecting directly to the physical LAN port.
  • Printing from another device that is under attacker’s control and in the same network segment. This also implies that the respective flaw (CVE-2021-39238) is wormable, i.e., the exploit can be used to create a worm that replicates itself to other vulnerable MFPs across the network.
  • Cross-site printing (XSP): sending the exploit to the printer directly from the browser (by tricking a user into visiting a malicious website, for example) using an HTTP POST to JetDirect port 9100/TCP. This is probably the most attractive attack vector.
  • Direct attack via exposed UART ports that are mentioned in CVE-2021-39237, if attacker has physical access to the device for a short period of time.

Tags: Critical Printing Shellz flaws, Critical Printing vulnerability