Critical vulnerability in 150 HP LaserJet and PageWide printer models

Security researchers from F-Secure have identified a critical vulnerability (CVE-2021-39238) affecting more than 150 models of HP LaserJet, LaserJet Managed, PageWide and PageWide Managed printers and MFPs. The vulnerability makes it possible to cause a buffer overflow in the font processor by sending a specially crafted PDF document for printing, and so to achieve execution of attacker-supplied code at the firmware level. The problem has been present since 2013 and was fixed in firmware updates published on November 1 (the manufacturer was notified of the problem in April).

The attack can be carried out both against locally connected printers and against network printing systems. For example, an attacker can use social engineering to get a user to print a malicious file, attack the printer from an already compromised system, or use a technique similar to "DNS rebinding", which, when the user opens a certain page in the browser, allows an HTTP request to be sent to the printer's network port (9100/TCP, JetDirect), which is not reachable directly from the Internet.

After successful exploitation of the vulnerability, the compromised printer can be used as a foothold for launching attacks on the local network, for sniffing traffic, or for leaving a hidden point of presence for attackers on the local network. The vulnerability is also suitable for building botnets or for creating network worms that scan for other vulnerable systems and try to infect them. To reduce the damage from a printer compromise, it is recommended to place network printers in a separate VLAN, to restrict on the firewall the establishment of outgoing network connections from printers, and to use a separate intermediate print server instead of accessing the printer directly from workstations.
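The segmentation advice above can be verified against connection logs. The following is an added example, not part of the original article: it audits connection records for flows that break the recommended policy (printers initiating connections, or hosts other than the print server reaching printers directly). The printer subnet, print server address and record format are assumptions made for illustration.

```python
import ipaddress

# Assumed network layout (constructed for this example, not from the article).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.10.5")
JETDIRECT_PORT = 9100  # raw printing port named in the article

# Constructed records, one new connection per line:
# initiator_ip initiator_port responder_ip responder_port protocol
SAMPLE_FLOWS = """\
10.20.10.5 51544 10.20.30.11 9100 tcp
10.20.40.77 49822 10.20.30.11 9100 tcp
10.20.30.11 40112 203.0.113.9 443 tcp
10.20.30.11 40120 10.20.30.12 9100 tcp
10.20.40.77 49830 10.20.10.5 631 tcp
10.20.40.78 50011 10.20.30.12 80 tcp
"""

def audit(flow_text):
    """Return (line, kind, src, dst, dport) for each policy violation."""
    findings = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        src, _sport, dst, dport, proto = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if src_ip in PRINTER_VLAN:
            # Printers should not open connections themselves; this also
            # catches printer-to-printer traffic inside the VLAN.
            findings.append((lineno, "printer-initiated", src, dst, dport))
        elif dst_ip in PRINTER_VLAN and src_ip != PRINT_SERVER:
            # Only the intermediate print server should talk to printers.
            jetdirect = dport == JETDIRECT_PORT and proto == "tcp"
            kind = "direct-jetdirect" if jetdirect else "direct-access"
            findings.append((lineno, kind, src, dst, dport))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Treating every printer-initiated connection as a violation is the strictest reading of the recommendation; sites that let printers reach specific services would add an allowlist before the first check.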

The researchers also identified another vulnerability (CVE-2021-39237) in HP printers, which makes it possible to gain full access to the device. Unlike the first vulnerability, this problem is rated as moderate severity, since the attack requires physical access to the printer (a connection to the UART port for about 5 minutes is needed).



Source: opennet.ru
