Cyber Security News

HP LaserJet Printers Flaw Let Attacker Gain Unauthorized Access

According to a security advisory from HP, some HP Enterprise LaserJet and HP LaserJet Managed printers may be susceptible to information exposure when IPsec is enabled with FutureSmart version 5.6.

All HP Enterprise devices run HP FutureSmart firmware, making it simple to administer and maintain various features across your fleet, from the user experience to app security support.

Users can operate and set up printers using a control panel located at the printer or a web browser for remote access.

The IP network security protocol suite, IPsec (Internet Protocol Security), is used in business networks to secure internal and external communications and stop unwanted access to resources, such as printers.

A critical rating and a CVSS v3.1 score of 9.1 have been given to the issue, tracked as CVE-2023-1707.

Indeed, HP has not yet released a fix for the concerned firmware. According to HP, a new firmware version that rectifies the problem should be available in 90 days.

Notably, the information disclosure flaw in this condition could give an attacker access to sensitive information sent between the affected HP printers and other networked devices.

Affected Products

  • HP Color LaserJet Enterprise M455
  • HP Color LaserJet Enterprise MFP M480
  • HP Color LaserJet Managed E45028
  • HP Color LaserJet Managed MFP E47528
  • HP Color LaserJet Managed MFP E785dn, HP Color LaserJet Managed MFP E78523, E78528
  • HP Color LaserJet Managed MFP E786, HP Color LaserJet Managed Flow MFP E786, HP Color LaserJet Managed MFP E78625/30/35, HP Color LaserJet Managed Flow MFP E78625/30/35
  • HP Color LaserJet Managed MFP E877, E87740/50/60/70, HP Color LaserJet Managed Flow E87740/50/60/70
  • HP LaserJet Enterprise M406
  • HP LaserJet Enterprise M407
  • HP LaserJet Enterprise MFP M430
  • HP LaserJet Enterprise MFP M431
  • HP LaserJet Managed E40040
  • HP LaserJet Managed MFP E42540
  • HP LaserJet Managed MFP E730, HP LaserJet Managed MFP E73025, E73030
  • HP LaserJet Managed MFP E731, HP LaserJet Managed Flow MFP M731, HP LaserJet Managed MFP E73130/35/40, HP LaserJet Managed Flow MFP E73130/35/40
  • HP LaserJet Managed MFP E826dn, HP LaserJet Managed Flow MFP E826z, HP LaserJet Managed E82650/60/70, HP LaserJet Managed E82650/60/70

“HP recommends immediately reverting to a prior version of the firmware (FutureSmart version Updated firmware to address the issue is expected within 90 days”.

Users are advised to download the firmware package from HP’s official download portal, where they can choose their printer model and download the necessary software.

Network Security Checklist – Download Free E-Book

Related Read:


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users

The text-to-dense representation techniques vary, evolving from character bi-grams to advanced subword vectorizers, combating OOV…

2 days ago

New Android Malware FjordPhantom Spreads Covertly Via Email, SMS, & Messaging Apps

In the ever-evolving realm of cybersecurity, Promon, a trailblazer in mobile security solutions, has brought…

3 days ago

New SugarGh0st RAT Delivered via Malicious Windows Shortcut & JavaScript

Hackers use Remote Access Trojans (RATs) to gain unauthorized access and control over a victim's…

3 days ago

Black Basta Ransomware Received Over $100 Million From Victims

Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly made…

3 days ago

Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability

Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors…

3 days ago

WhatsApp Secret Code Feature Lets Users Set Unique Locked Chat Passwords

WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret…

3 days ago