HP has issued warnings on three critical-severity flaws affecting hundreds of the company’s printer models.
The models include LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet.
The three flaws include two critical and one high-severity vulnerability. The three flaws could be exploited for information disclosure, remote code execution, and denial of service.
The three vulnerabilities are tracked as CVE-2022-24291, a high severity flaw that comes with a CVSS score of 7.5, CVE-2022-24292, a critical severity flaw with a CVSS score of 9.8, and CVE-2022-24293, a critical severity flaw with a 9.8 CVSS rating.
Admins are advised to update their printer firmware to the designated versions. However, this is flawed since it isn’t available for all impacted models.
While there is no mitigation for one of the listed LaserJet Pro models, other models admins can mitigate the issue by installing the latest available firmware version on HP’s official software portal.
For more information, read the original story in BleepingComputer.
