Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Significant Vulnerabilities Found in 6 Common Printer Brands

In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.

A pair of researchers conducting a six-month survey of popular business printers discovered 49 vulnerabilities in the drivers and software running on the devices. Some of the issues could be remotely exploited to run code on the corporate technology, security firm NCC Group said on August 8.

The research, conducted by NCC researchers Mario Rivas and Daniel Romero, uncovered issues as mild as denial-of-service vulnerabilities and as serious as buffer overflows that could lead to remote code execution. The researchers notified the makers of the affected printers — from Brother, HP, Kyocera, Lexmark, Ricoh and Xerox — of the issues in February, and every manufacturer has patched the issues, NCC stated.

The researchers will walk hackers through their research — including threat modeling and how attackers could use printers to maintain persistence in a corporate network — at the DEF CON hacking conference in Las Vegas this weekend.

"Because printers have been around for so long, they're not seen as enterprise IoT devices — but they're embedded in corporate networks and therefore pose a significant risk," Matt Lewis, research director at NCC Group, said in a statement. "Building security into the development life cycle would mitigate most if not all of these vulnerabilities."

Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years.

Increasingly, printers are grouped into the broader class of Internet of Things (IoT) devices that can expose companies to attack.

"Printers are commonly overlooked as devices that just 'print' and not as the network devices they are, which implement a lot of capabilities and store really sensitive information — not only documents, but also domain credentials and other secrets," Romero and Rivas said in an e-mail interview. "For this reason, we think that they are very interesting targets for attackers using them as the front door to compromise an organization."

Using some custom automated tools, the NCC Group research uncovered 49 vulnerabilities, as identified by their Common Vulnerability Enumeration (CVE) numbers. The researchers made extensive use of protocol fuzzing and plan to discuss one of their fuzzers at their DEF CON talk.

"We focused our research on [certain] attack surfaces, such as specific printer protocols, services, or implementations," the researchers told Dark Reading. "This is the reason why the different types of printer vulnerabilities found were often common across different brands. As far as we were able to identify, there weren't common components between the different brands."

Brother printers had the fewest vulnerabilities, with three issues found, including two overflows and an information disclosure vulnerability. HP printers had five issues, including multiple buffer overflows, cross-site scripting, and a bypass for countermeasures implemented to prevent cross-site request forgery.

Xerox and Lexmark printers had eight and nine vulnerabilities, respectively, including multiple buffer overflows, cross-site scripting, and information disclosure. Both Ricoh and Kyocera printers had a dozen vulnerabilities each. All four of the most vulnerable printer brands lacked countermeasures to prevent cross-site request forgery.

The researchers noted that they only had time to determine the definite exploitability of a few of the issues.

NCC Group criticized the shortfalls in the security measures implemented by printer manufacturers' software development teams.

"It's very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides, and regularly updating firmware," Lewis said.

Businesses should pay more attention to their printers as potential points of attacks and as devices that could allow an attacker to stay resident inside a network, the NCC Group researchers said.

Related Content

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast Security,  8/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.