Critical vulnerability in 150 HP LaserJet and PageWide printer models

Security researchers from F-Secure have identified a critical vulnerability (CVE-2021-39238) affecting more than 150 HP LaserJet, LaserJet Managed, PageWide and PageWide Managed printers and MFPs. The vulnerability makes it possible to trigger a buffer overflow in the font processor by sending a specially crafted PDF document for printing, and to achieve execution of the attacker's code at the firmware level. The problem has been present since 150 and was fixed in firmware updates released in November 2013 (the manufacturer was notified of the problem in April).

The attack can be carried out against locally connected printers and against network printing systems. For example, an attacker can use social engineering to get a user to print a malicious file, attack the printer through an already compromised user system, or use a technique such as "DNS rebinding", which allows an HTTP request to be sent to the printer's network port (9100/TCP, JetDirect), which is not directly reachable from the Internet, when a user opens a certain page in the browser.

After the vulnerability has been successfully exploited, the compromised printer can be used as a springboard for launching attacks on the local network, for sniffing traffic, or for leaving a hidden point of presence for attackers on the local network. The vulnerability is also suitable for building botnets or creating network worms that scan for other vulnerable systems and try to infect them. To reduce the damage from a printer compromise, it is recommended to place network printers in a separate VLAN, to restrict on the firewall the establishment of outgoing network connections from printers, and to use a separate intermediate print server instead of accessing the printer directly from workstations.
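The three recommendations above can be checked against connection logs. The following is an added example, not code from the article or from F-Secure: it audits constructed flow records for printers that open outbound connections and for hosts that reach printers without going through the print server. The subnet, the print server address and the log format are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing, constructed for this example (not from the article).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.10.5")
JETDIRECT_PORT = 9100  # raw print port named in the article

def check_flow(src, dst, dport):
    """Classify one connection attempt (src = initiator) against the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in PRINTER_VLAN and d not in PRINTER_VLAN:
        # Printers should only answer connections, never open them outward.
        return "printer opened outbound connection"
    if d in PRINTER_VLAN and s not in PRINTER_VLAN and s != PRINT_SERVER:
        if dport == JETDIRECT_PORT:
            return "direct JetDirect access, bypasses print server"
        return "printer VLAN reached from outside print server"
    return None  # allowed by these rules, or unrelated to printers

def audit(log_text):
    """Return (line, finding) pairs for every policy violation in the log."""
    findings = []
    for line in log_text.strip().splitlines():
        src, dst, dport = line.split()
        finding = check_flow(src, dst, int(dport))
        if finding:
            findings.append((line, finding))
    return findings

# Constructed sample flow records: "initiator destination dest_port".
SAMPLE_LOG = """
10.20.10.5 10.20.30.11 9100
10.20.40.77 10.20.30.11 9100
10.20.30.11 10.20.40.77 445
10.20.40.77 10.20.30.12 80
10.20.40.77 10.20.10.5 631
"""

if __name__ == "__main__":
    for line, finding in audit(SAMPLE_LOG):
        print(f"{line:32} -> {finding}")
```

Traffic between two printers inside the VLAN is not covered by these rules and is reported as allowed.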

The researchers also identified another vulnerability (CVE-2021-39237) in HP printers, which makes it possible to gain full access to the device. Unlike the first vulnerability, this problem is assigned a moderate severity level, since the attack requires physical access to the printer (you need to connect to the UART port for about five minutes).



Source: opennet.ru
