Researchers have discovered a 16-year-old printer driver vulnerability that affects millions of printers worldwide, including HP, Samsung and Xerox models.
SentinelLabs discovered the high-severity vulnerability, CVE-2021-3438, which they say has affected millions of printers since 2005. HP released driver security updates on May 19, 2021 that fix the vulnerability.
“Many of these drivers come preloaded on devices or get silently dropped when installing some innocuous legitimate software bundle and their presence is entirely unknown to the users. These OEM drivers are often decades old and coded without concern for their potential impact on the overall integrity of those systems,” Asaf Amir of SentinelLabs wrote in a blog post.
An attacker who exploits the kernel driver vulnerability CVE-2021-3438 (which has a CVSS score of 8.8) could run code with the same privileges as the SYSTEM account.
As a consequence, the attacker could potentially run malicious code in kernel mode; install programs; view, change, encrypt or delete data; and create new accounts with full user rights.
On a related note, printer vulnerabilities have been in the spotlight recently with PrintNightmare, a severe remote code execution (RCE) vulnerability in the Windows Print Spooler service that has been under active attack in the wild.