HP corrige falha de segurança que atinge 150 modelos de impressoras

Pesquisadores descobriram que pelo menos 150 modelos de impressoras multifuncionais da HP sofrem com várias brechas que podem levar ao vazamento de dados e execução remota de códigos maliciosos. As vulnerabilidades estão presentes em dispositivos lançados desde 2013, o que significa que, potencialmente, foram usadas para ataques virtuais durante os últimos oito anos.

• Grupo lança correção não oficial para vulnerabilidade de dia zero do Windows
• Operação global contra fraudes por e-mail prende mais de 1 mil pessoas

As falhas foram documentadas como CVE-2021-39237 e CVE-2021-39238. As vulnerabilidades mais críticas delas foram corrigidas na atualização de firmware para as impressoras afetadas lançadas pela HP no começo de novembro.

São duas falhas. A primeira, CVE-2021-39237, explora duas entradas físicas das impressoras e permitem o controle remoto total, inclusive com roubo de informações da máquina local. A segunda, CVE-2021-39238, é ainda mais grave, pois permite a execução de comandos maliciosos que podem se espalhar pela rede.

-
Podcast Porta 101: a equipe do Canaltech discute quinzenalmente assuntos relevantes, curiosos, e muitas vezes polêmicos, relacionados ao mundo da tecnologia, internet e inovação. Não deixe de acompanhar.
-

Além da atualização de firmware das impressoras, a HP recomenda que as seguintes ações sejam tomadas para diminuir ainda mais o risco:

• Desabilitar impressão via USB;
• Deixar a impressora conectada em uma rede separada para evitar propagação de ameaças, e limitar quem pode acessá-la;
• Configurar um servidor exclusivo para comunicação entre computadores e as impressoras.

As atualizações de firmware para as impressoras podem ser baixadas no site oficial da HP.

Dispositivos afetados

Confira a lista abaixo das impressoras afetadas:

• HP Color LaserJet Enterprise CM4540 MFP series
• HP Color LaserJet Enterprise Flow MFP M578
• HP Color LaserJet Enterprise MFP M578
• HP Color LaserJet Enterprise Flow MFP M880z
• HP Color LaserJet Managed Flow MFP M880zm
• HP Color LaserJet Enterprise M455
• HP Color LaserJet Enterprise M552
• HP Color LaserJet Enterprise M553
• HP Color LaserJet Managed M553
• HP Color LaserJet Enterprise M555 Printer series
• HP Color LaserJet Enterprise M651
• HP Color LaserJet Managed M651
• HP Color LaserJet Enterprise M652
• HP Color LaserJet Enterprise M653
• HP Color LaserJet Enterprise M750
• HP Color LaserJet Enterprise M751 series
• HP Color LaserJet Managed E75245
• HP Color LaserJet Enterprise M855 Printer series
• HP Color LaserJet Enterprise MFP M480 series
• HP Color LaserJet Enterprise MFP M577
• HP Color LaserJet Enterprise Flow MFP M577
• HP Color LaserJet Enterprise MFP M680
• HP Color LaserJet Enterprise Flow MFP M680
• HP Color LaserJet Enterprise MFP M681
• HP Color LaserJet Enterprise Flow MFP M681
• HP Color LaserJet Enterprise MFP M682
• HP Color LaserJet Enterprise Flow MFP M682
• HP Color LaserJet Enterprise MFP M776HP Color LaserJet Enterprise Flow MFP M776
• HP Color LaserJet Enterprises CP5525
• HP Color LaserJet Managed E45028
• HP Color LaserJet Managed E55040dw
• HP Color LaserJet Managed E65050/60
• HP Color LaserJet Managed E85055
• HP Color LaserJet Managed MFP E47528 series
• HP Color LaserJet Managed MFP E57540
• HP Color LaserJet Managed Flow MFP E57540
• HP Color LaserJet Managed MFP E67550/60
• HP Color LaserJet Managed Flow MFP E67550/60
• HP Color LaserJet Managed MFP E67650/60
• HP Color LaserJet Managed MFP E77422-E77428 series
• HP Color LaserJet Managed MFP E77822/25/30
• HP Color LaserJet Managed Flow MFP E77822/25/30
• HP Color LaserJet Managed MFP E78323/30
• HP Color LaserJet Managed MFP E87640/50/60
• HP Color LaserJet Managed Flow MFP E87640/50/60
• HP Color LaserJet Managed MFP E87640du-E87660du series
• HP Color LaserJet Managed MFP M577
• HP Color LaserJet Managed Flow MFP M577
• HP Color LaserJet Managed MFP M680
• HP Color LaserJet Managed Flow MFP M680
• HP Digital Sender Flow 8500 fn2
• HP LaserJet Enterprise 500 color MFP M575
• HP LaserJet Enterprise color Flow MFP M575
• HP LaserJet Enterprise 500 color Printer M551 series
• HP LaserJet Enterprise 500 MFP M525f
• HP LaserJet Enterprise Flow MFP M525
• HP LaserJet Enterprise 600 Printer M601 series
• HP LaserJet Enterprise 600 Printer M602 series
• HP LaserJet Enterprise 600 Printer M603 series
• HP LaserJet Enterprise 700 color MFP M775
• HP Color LaserJet Managed MFP M775
• HP LaserJet Enterprise 700 Printer M712 series
• HP LaserJet Enterprise Flow MFP M830
• HP LaserJet Managed Flow MFP M830
• HP LaserJet Enterprise M406
• HP LaserJet Enterprise M407
• HP LaserJet Enterprise M4555 MFP
• HP LaserJet Enterprise M506
• HP LaserJet Managed M506
• HP LaserJet Enterprise M507
• HP LaserJet Enterprise M604 series
• HP LaserJet Enterprise M605
• HP LaserJet Managed M605 series
• HP LaserJet Enterprise M606 series
• HP LaserJet Enterprise M607 series
• HP LaserJet Enterprise M608 series
• HP LaserJet Enterprise M609 series
• HP LaserJet Enterprise M610 series
• HP LaserJet Enterprise M611 series
• HP LaserJet Enterprise M612 series
• HP LaserJet Enterprise M806
• HP LaserJet Enterprise MFP M430 series
• HP LaserJet Enterprise MFP M431 series
• HP LaserJet Enterprise MFP M527
• HP LaserJet Enterprise Flow MFP M527z
• HP LaserJet Enterprise MFP M528
• HP LaserJet Enterprise MFP M630
• HP LaserJet Enterprise Flow MFP M630
• HP LaserJet Enterprise MFP M631
• HP LaserJet Enterprise Flow MFP M631
• HP LaserJet Enterprise MFP M632
• HP LaserJet Enterprise Flow MFP M632
• HP LaserJet Enterprise MFP M633
• HP LaserJet Enterprise Flow MFP M633
• HP LaserJet Enterprise MFP M634
• HP LaserJet Enterprise Flow MFP M634
• HP LaserJet Enterprise MFP M635
• HP LaserJet Enterprise Flow MFP M635
• HP LaserJet Enterprise MFP M636
• HP LaserJet Enterprise Flow MFP M636
• HP LaserJet Enterprise MFP M725
• HP LaserJet Managed MFP M725
• HP LaserJet Managed 500 color MFP M575
• HP LaserJet Managed color Flow MFP M575
• HP LaserJet Managed 500 MFP M525
• HP LaserJet Managed Flow MFP M525
• HP LaserJet Managed E40040
• HP LaserJet Managed E50045
• HP LaserJet Managed E50145
• HP LaserJet Managed E60055/65/75 series
• HP LaserJet Managed MFP E42540 series
• HP LaserJet Managed MFP E52545
• HP LaserJet Managed Flow MFP E52545c
• HP LaserJet Managed MFP E52645
• HP LaserJet Managed MFP E62555/65
• HP LaserJet Managed Flow MFP E62555/65/75
• HP LaserJet Managed MFP E62655/65
• HP LaserJet Managed Flow MFP E6267
• HP LaserJet Managed MFP E72425/30
• HP LaserJet Managed MFP E72525/30/35
• HP LaserJet Managed Flow MFP E72525/30/35
• HP LaserJet Managed MFP E82540/50/60
• HP LaserJet Managed Flow MFP E82540/50/60
• HP LaserJet Managed MFP E82540/50/60du series
• HP LaserJet Managed MFP M527
• HP LaserJet Managed Flow MFP M527z
• HP LaserJet Managed MFP M630
• HP LaserJet Managed Flow MFP M630
• HP OfficeJet Enterprise Color MFP X585
• HP OfficeJet Managed Color MFP X585
• HP OfficeJet Enterprise Color X555
• HP PageWide Color 755
• HP PageWide Color MFP 774
• HP PageWide Color MFP 779
• HP PageWide Enterprise Color 556
• HP PageWide Enterprise Color 765
• HP PageWide Enterprise Color Flow MFP 785
• HP PageWide Enterprise Color MFP 586
• HP PageWide Enterprise Color Flow MFP 586z
• HP PageWide Enterprise Color MFP 780
• HP PageWide Enterprise Color Flow MFP 780f
• HP PageWide Managed Color E55650
• HP PageWide Managed Color E75160
• HP PageWide Managed Color MFP E58650dn
• HP PageWide Managed Color Flow MFP E58650z
• HP PageWide Managed Color MFP E77650
• HP PageWide Managed Color Flow MFP E77660z
• HP PageWide Managed Color Flow MFP E77650/60z
• HP PageWide Managed Color MFP P77440
• HP PageWide Managed Color MFP P77940/50/60
• HP PageWide Managed Color P75250
• HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series
• HP ScanJet Enterprise Flow N9120 fn2 Document Scanner

Leia a matéria no Canaltech.

Trending no Canaltech:

• Variante Ômicron chega ao Brasil; Anvisa confirma 2 casos
• Conheça o carro elétrico de 3 rodas que será o mais barato do Brasil
• Foto mostra Saturno e seus anéis vistos por sonda da NASA que orbita a Lua
• Tesla Model 3 pega fogo durante carregamento e liga sinal de alerta nos EUA
• Vazam especificações de novo celular da Motorola com Snapdragon 888 Plus

Canal Tech