External risk intelligence

HP LaserJet and PageWide Firmware Information Disclosure and Remote Code Execution Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-24292

The vulnerabilities affect various HP printer and PageWide device firmware. While these devices are designed for local office networks, they frequently feature web-based administrative interfaces and network management services that, if misconfigured or exposed via port forwarding, can be reached from the public internet, though such exposure is not the default or intended deployment state.

Remote Code Execution

Hp Laserjet Pro M453 M454 W1y40a Firmware

before 002_2208abefore 2205d

Halo Surface Signal: 3 out of 5 — possibly public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

Certain HP print devices have a critical vulnerability that could allow unauthorized access, leading to information disclosure, denial of service, or remote code execution. The concern at this stage is to confirm if these specific HP devices are present and accessible within the environment.

  • Vulnerabilities in HP printers could expose sensitive information or disrupt operations.
  • This issue affects network-connected printing hardware.
  • Confirm if affected HP print devices are in use and identify potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could reach vulnerable HP print devices over a network, potentially without any special access or authentication. By interacting with the device's network-facing components, an attacker could trigger a vulnerability that may lead to unauthorized access to sensitive information, disruption of service, or even execution of arbitrary code.

  • Network access is required.
  • Interaction with network services triggers the vulnerability.
  • Risk of information disclosure or code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to access or disrupt HP print devices over a network. This could potentially lead to the disclosure of sensitive information processed by the printer, or cause the device to become unresponsive, impacting print operations.

  • Sensitive print job data could be exposed.
  • Network access could facilitate unauthorized actions.
  • Print services could be disrupted.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects various HP LaserJet and PageWide devices. The first step is to identify all instances of the affected devices, confirm their business criticality and network exposure, and then engage the appropriate asset owner to plan remediation.

  • Identify and confirm device exposure.
  • Confirm accountable asset owners.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the software affected by CVE-2022-24292?

This vulnerability affects the firmware used in specific HP LaserJet Pro and HP PageWide printer models. These devices are designed for office printing and document management tasks, often relying on internal firmware to manage network connectivity, job processing, and administrative settings through local office networks.

How should I understand the risk of CVE-2022-24292?

CVE-2022-24292 represents a serious weakness in how these printers handle data. It allows an attacker to potentially access sensitive information, disrupt print services, or execute malicious commands on the device remotely. This means the printer could be forced to perform unintended actions without authorization.

Do I need special access to trigger this bug?

No. The vulnerability is triggered over a network connection. Because the flaw exists in the device firmware, it does not require an attacker to have physical access to the printer. If the device's network services are reachable, an attacker can attempt to send malicious requests to the printer to exploit the weakness.

Is my printer at risk according to Halo Surface Signal?

Halo Surface Signal notes that while these printers are intended for local networks, they often feature web-based administrative interfaces. If your printer’s management interface is reachable from the public internet—due to port forwarding or misconfiguration—it faces a higher risk of being targeted by external actors compared to a device restricted to a private, internal network.

What are the first steps to address this vulnerability?

Start by identifying if your specific printer model is listed in the vendor advisory. Review the official HP support documentation to verify if a firmware update is available for your device. As a general security measure, ensure that your printers are not directly exposed to the internet and are kept behind a secure firewall to limit unauthorized network access.

References