A vulnerability in printer drivers from HP, Samsung, and Xerox allows an attacker who already has access to a computer to gain system privileges and completely take over the system. The vulnerability, designated CVE-2021-3438, has been present in manufacturers’ drivers since 2005. The severity of the vulnerability was assessed on a scale of 1 to 10 with an 8.8.
According to HP, the vulnerable drivers contain a buffer overflow that allows an attacker to increase his rights on the system. In this particular case, it is possible for a standard user to get SYSTEM privileges and run code in kernel mode. Security company SentinelOne discovered the vulnerability and states that it is not known to be exploited yet. However, this would only be a matter of time, researcher Asaf Amir said.
HP was notified of the vulnerabilities on February 18 and 23. On May 19, the company issued an advisory. However, it turned out to be incomplete with regard to printer models. On June 1, HP published a new list of vulnerable printers. It’s about hundreds of vulnerable printer models for which security updates have been released. SentinelOne made the details public today.
–