In HP Laser Jet Printers a critical vulnerability has been discovered which could give remote attackers access to sensitive data, Homeland Security’s computer Emergency response Team recently issued a note on HP LaserJet Professional printer telnet debug shell vulnerability
Overview
remote attacker to gain unauthorized access to data.
Description
Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.
For additional vulnerability information and a list of affected devices see HP Security Bulletin HPSBPI02851 SSRT101078. |
Impact
A remote unauthenticated attacker can connect to the telnet debug shell and gain unauthorized access to data. |
Solution
Update HP has provided updated printer firmware to resolve this issue. Firmware download information can be found in HP Security Bulletin HPSBPI02851 SSRT101078. |
Restrict access As a general good security practice, only allow connections from trusted hosts and networks. |
You can read more about this Vulnerability from the note issued by Homeland Security’s computer Emergency response Team here.