HP JetDirect Vulnerabilities Discussed

Published: 2013-01-27
Last Updated: 2013-01-27 17:46:36 UTC
by Tony Carothers (Version: 1)
3 comment(s)

On a slow day in the cyber security world here at ISC, I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastián Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer firmware is often overlooked because of the ‘low risk’ typically associated with these types of devices. Many of these devices are ignored in vulnerability scans, monitoring devices, and log collection, which is perfect for avoiding detection.

Bad guys know this.

So where is the danger? Anybody remember in the late 90’s when printers became rooted file servers sharing music right beneath the noses of administrators everywhere? The BLUF is that the HP printers today offer network connectivity, computing power and storage, and as such can be targets for exploit. And once a machine which you own is compromised, then the real work (losses) begins.

What’s the word in your world?  What say you?

tony d0t carothers --gmail

 

Keywords: HP JetDirect

Comments

What's this all about ..?
password reveal .