It is reported that HP LaserJet 4200 and 4300 printers are susceptible to an arbitrary firmware upgrade vulnerability. The vulnerability stems from the method used to upgrade the firmware on affected devices. According to HP upgrade documentation, these printers upgrade their firmware when they are sent specially formatted print jobs. This allows firmware upgrades to be initiated through unauthenticated FTP access, by copying firmware files to the printer via CIFS, or possibly by other means as well. It is unclear at this time how strong the measures in place are for ensuring that firmware files contain legitimate firmware data for the printer. Simple CRC-32 checksums or other similar means may allow attackers to create firmware files containing data sufficient to pass the printer's built-in validity checks. If an attacker can upgrade affected printers with arbitrary firmware files, they may be able to crash affected machines, replace the firmware code with malicious executable code, or possibly render the printer useless until the firmware is repaired or replaced. Attackers would be able to perform this upgrade without authentication, via the network. Other printers may also be affected.
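
The point about CRC-32 above, as an added example that is not from the advisory or from HP: an unkeyed checksum catches accidental corruption but accepts any content whose checksum has been recomputed, while a keyed check does not. The container layouts, key and payloads are constructed for illustration and are not the printer's real firmware format; HMAC-SHA256 stands in for the vendor signature a device would normally verify with a public key.

```python
import hashlib
import hmac
import struct
import zlib

# Hypothetical container layouts for illustration only (not HP's firmware format):
#   checksum image: payload || CRC-32 (4 bytes, big-endian)
#   keyed image:    payload || HMAC-SHA256 tag (32 bytes)

def crc_tag(payload: bytes) -> bytes:
    return struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF)

def verify_crc(image: bytes) -> bool:
    """Accept if the trailing CRC-32 matches; needs no secret at all."""
    if len(image) < 4:
        return False
    return hmac.compare_digest(crc_tag(image[:-4]), image[-4:])

def mac_tag(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify_mac(image: bytes, key: bytes) -> bool:
    """Accept only if the trailing tag was made with the vendor key."""
    if len(image) < 32:
        return False
    return hmac.compare_digest(mac_tag(image[:-32], key), image[-32:])

def demo() -> dict:
    vendor_key = b"constructed-vendor-key"               # constructed sample secret
    genuine = b"FWIMG v1 " + bytes(range(64))            # constructed sample payload
    altered = b"FWIMG v1 " + bytes(reversed(range(64)))  # same length, other content

    flipped = bytearray(genuine + crc_tag(genuine))
    flipped[10] ^= 0x01                                  # accidental single-bit corruption

    return {
        "crc_genuine": verify_crc(genuine + crc_tag(genuine)),
        "crc_bitflip": verify_crc(bytes(flipped)),
        # Anyone can recompute an unkeyed checksum over altered content.
        "crc_altered_rechecksummed": verify_crc(altered + crc_tag(altered)),
        "mac_genuine": verify_mac(genuine + mac_tag(genuine, vendor_key), vendor_key),
        # Without the key, neither the old tag nor a guessed-key tag verifies.
        "mac_altered_old_tag": verify_mac(altered + mac_tag(genuine, vendor_key), vendor_key),
        "mac_altered_wrong_key": verify_mac(altered + mac_tag(altered, b"guess"), vendor_key),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:28s} accepted={accepted}")
```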