Hewlett Packard (HP) has warned that it will take up to 90 days to address a critical flaw in some of its business-grade printers. The vulnerability, tracked as CVE-2023-1707, affects multiple models of HP Enterprise LaserJet and HP LaserJet Managed Printers.
The flaw, which can potentially lead to information disclosure, is located in the firmware of the devices. Exploiting it could let an attacker access data transmitted between the vulnerable HP printer and other systems on the same network segment.
The company clarified that information disclosure can only occur on vulnerable devices that are running FutureSmart firmware version 5.6 and have IPsec enabled. HP recommends that customers running FutureSmart 5.6 with IPsec enabled on their printers immediately revert to a prior firmware version (FutureSmart version 5.5.0.3).
The vendor has also released a temporary firmware mitigation to address the flaw.
According to HP, it is not aware of any active exploits, and the company pointed out that the exposure period for this potential vulnerability was limited to the span from mid-February 2023 to the end of March 2023.
HP Enterprise LaserJet and HP LaserJet Managed Printers are widely used in corporate environments, and the vulnerability has the potential to affect numerous businesses, highlighting the importance of promptly addressing any known security issues.
Given the severity of the vulnerability, businesses should take precautions to prevent unauthorized access to their networks.
The IT giant is expected to release a firmware update within 90 days, and users are advised to stay vigilant and install updates as soon as they become available to ensure their systems remain secure.