April 5, 2023

HP Discovers Critical Vulnerability in LaserJet Printers

HP has released an advisory addressing critical vulnerability affecting certain models of HP Enterprise LaserJet and HP LaserJet Managed Printers when IPsec protocol is enabled with FutureSmart firmware version 5.6.

The Vulnerability

• CVE-2023-1707 (CVSS 3.1: 9.1, Critical) – An information disclosure vulnerability. Exploitation of this vulnerability could lead to potential information leak.

Vulnerable Products

For a full list of affected products review the official advisory HPSBPl03838.

Mitigation

At the moment there is no patch available, but in order to mitigate this vulnerability, CYREBRO recommends to downgrade FutureSmart firmware version to FS 5.5.0.3.

References: HP Advisory HPSBPI03838