Overview
A 16-year-old, high severity security vulnerability (CVE-2021-3438) was discovered by SentinelLABS in HP, Samsung and Xerox printers.
Description
SentinelLABS reported a high severity security vulnerability that exist in HP, Samsung and Xerox printers. The identified security flaw is of buffer overflow type that exist in the printer driver called SSPORT.SYS.
The 16-year-old security flaw stems from improper bounds checking of user input size in one of the functions employed in the printer driver named SSPORT.SYS. Specifically, it is the strncpy function that allows users to copy input strings with a user specified size, leading malicious parties to overflow the buffer used by the driver.
SSPORT.sys)Due to the vulnerability, local unprivileged attackers could elevate their privileges to SYSTEM level and run arbitrary code in kernel mode, leading to unauthorized disclosure, modification or destruction of data.
What is worth noting about the vulnerable driver is that it gets installed and activated on the computers just by running the printer software, without further permission by the users or any notification. Once installed, the driver will be running on the installed computers even if there is no printer connected to them.
The discovered vulnerability affects over 300 different HP, Samsung and Xerox printer models. The good news is that it was not detected to be actively exploited currently and patches for the affected products have already been released.
Impact
A local adversary who successfully exploit the vulnerability (CVE-2021-3438) by causing memory corruption in the printer driver could elevate their privileges to SYSTEM level and run arbitrary code in kernel mode, leading to unauthorized disclosure, modification or destruction of data.
Impact Summary
Category: Buffer Overflow
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Solution (Update)
The printer driver vulnerability (CVE-2021-3438) can be remediated by updating the drivers to their most recent versions. For more information about the updates/patches for this vulnerability, please refer to the HP/Samsung Security Advisory HPSBPI03724 or Xerox security Bulletin XRX21K.
One single vulnerability all an attacker needs.
Window Snyder
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
References to Advisories, Solutions and Tools
- https://nvd.nist.gov (CVE-2021-3438)
- SentinelLABS report on the Print Driver Vulnerability (CVE-2021-3438)
- HP/Samsung Security Advisory HPSBPI03724
- Xerox security Bulletin XRX21K.
To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?
