HP has patched a serious vulnerability that has been hidden in a printer driver for 16 years.
On Tuesday, SentinelLabs published an analysis of the vulnerability, which is tracked as CVE-2021-3438 and has been issued a CVSS score of 8.8.
The vulnerability is described as a “potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.”
According to the researchers, some HP, Xerox and Samsung printer models contained vulnerable driver software that has been sold worldwide since 2005.
The affected driver, SSPORT.SYS, is installed and activated automatically, whether the model is wireless or wired. The driver is also automatically loaded by Microsoft
“This makes the driver a perfect candidate to target, since it will always be loaded on the machine even if there is no connected printer,” say the researchers.
The vulnerable function in the driver accepts data without validating the size parameter, so attackers can theoretically overrun the driver's buffer.
Local attackers can escalate privileges to a SYSTEM account and run code in kernel mode to perform actions, including tampering with a target machine. However, SentinelLabs says that it did not invest time in finding a way to weaponize the flaw on its own, and successful exploitation may require a chain of vulnerabilities.
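The missing size validation described above, shown as user-space C next to a version that checks the size before copying. This is an added example, not code from SSPORT.SYS or from the SentinelLabs analysis; the request layout (a 4-byte length field followed by the payload), the 64-byte buffer and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_BUF_SIZE 64   /* driver-side buffer; the size is an assumption */
enum { REQ_OK = 0, REQ_TRUNCATED = -1, REQ_TOO_LARGE = -2 };

/* Hypothetical request: a 4-byte length field followed by the payload. */

/* Shape of the flaw: the caller's length is used unchecked, so any value
 * above PORT_BUF_SIZE writes past the end of dst. Shown for contrast only. */
int handle_request_unchecked(uint8_t *dst, const uint8_t *in)
{
    uint32_t length;
    memcpy(&length, in, sizeof length);
    memcpy(dst, in + sizeof length, length);
    return REQ_OK;
}

/* Hardened form. in_len is the request size reported by the OS,
 * not a value taken from the request body. */
int handle_request_checked(uint8_t *dst, const uint8_t *in, size_t in_len)
{
    uint32_t length;

    if (in == NULL || in_len < sizeof length)
        return REQ_TRUNCATED;               /* no complete length field */
    memcpy(&length, in, sizeof length);     /* read the field exactly once */
    if (length > in_len - sizeof length)
        return REQ_TRUNCATED;               /* claims more than was sent */
    if (length > PORT_BUF_SIZE)
        return REQ_TOO_LARGE;               /* would overrun dst */
    memcpy(dst, in + sizeof length, length);
    return REQ_OK;
}

int main(void)
{
    uint8_t dst[PORT_BUF_SIZE], in[4 + 128];   /* constructed sample input */
    uint32_t claimed = 128;                    /* twice the buffer size */

    memset(in, 'A', sizeof in);
    memcpy(in, &claimed, sizeof claimed);
    printf("oversized request -> %d\n", handle_request_checked(dst, in, sizeof in));
    claimed = 16;
    memcpy(in, &claimed, sizeof claimed);
    printf("valid request     -> %d\n", handle_request_checked(dst, in, 4 + 16));
    return 0;
}
```

The checked handler rejects a request both when the claimed length exceeds the destination buffer and when it exceeds the bytes actually supplied, which also prevents reading past the end of the input.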
SentinelLabs researcher Kasif Dekel reported the vulnerability to HP on 18 February. The vendor issued an update to resolve the security issue on May 19th. No exploits have been discovered in the wild.
HP said in a security advisory that affected models include the HP LaserJet, Samsung CLP, Samsung MultiXpress and Samsung Xpress series.
The vendor has provided an update and asks customers to update the software. To do this, customers can visit the HP software portal, select the printer model, and apply the update.
Xerox has provided its own Security Advisory (.PDF) which names the Xerox B205 / B210 / B215, Phaser and WorkCentre models affected by the flaw.