A malicious fax sent to an HP Inc. OfficeJet all-in-one inkjet printer can give hackers control of the printer and act as a springboard into an attached network environment.
LAS VEGAS – Tens of millions of fax-ready HP OfficeJet inkjet printers are vulnerable to a simple hack that gives an attacker full control over a targeted printer. Once compromised, the all-in-one OfficeJet could act as a springboard for deeper network penetration by an attacker.
Here at DEF CON, researchers at Check Point released public details on two critical vulnerabilities found in HP’s implementation of a widely used fax protocol used in all its OfficeJet all-in-one inkjet printers. In coordination with Check Point’s public disclosure, HP Inc. released patches for both vulnerabilities (CVE-2018-5925 and CVE-2018-5924). read the rest here