External risk intelligence

HP LaserJet Firmware Information Disclosure and Remote Code Execution

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-24293

The affected devices are office printers. While they contain network-accessible management interfaces, these components are typically deployed within internal, protected corporate or home networks and are not intended for direct exposure to the public internet in standard configurations.

Remote Code Execution

Hp Laserjet Pro M453 M454 W1y40a Firmware

before 002_2208abefore 2205d

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in certain HP print devices that could allow for information disclosure, denial of service, or remote code execution. Given the nature of these devices and their typical network placement, the primary concern is to confirm if any affected printers are exposed in a way that could be exploited.

  • HP printers have a security flaw.
  • Could allow data theft or service disruption.
  • Confirm relevance and potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending specially crafted network traffic to an affected HP printer. This could allow them to disclose sensitive information, disrupt printer operations, or even execute malicious code on the device. The attacker would need network access to the printer, but no special privileges are required to trigger the vulnerability.

  • Requires network access.
  • Triggers vulnerability through network traffic.
  • Leads to information disclosure or code execution.

Live Threat

Current exploitation, exposure, and threat context

Certain HP print devices could allow an attacker to access sensitive information, disrupt normal service, or potentially execute arbitrary code. This could occur when these devices are accessed through their network interfaces.

  • Printer configuration data at risk.
  • Network access could expose device.
  • Information disclosure or service disruption.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects HP LaserJet Pro and PageWide devices, making them susceptible to information disclosure, denial of service, or remote code execution. Identifying the exact location and business criticality of these devices is the first step. Infrastructure, platform, and security teams will likely collaborate on remediation, with the accountable owner coordinating the response based on risk assessment.

  • Owner: Identify the asset owner of affected HP devices.
  • Verify: Confirm device reachability and business criticality.
  • Action: Plan remediation based on identified risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the software affected by CVE-2022-24293?

This vulnerability affects the firmware running on various HP LaserJet Pro and PageWide printer models. These devices are office-grade printing and scanning units used for document management, networking, and print job processing. The flaw resides within the device's internal software, which manages these core printing operations and system communications.

What does CVE-2022-24293 mean for these devices?

CVE-2022-24293 describes a critical security weakness that could allow an unauthorized person to compromise the printer. Depending on the attack, it could lead to information disclosure, where private data is accessed; a denial of service, where the printer stops functioning; or even remote code execution, where an attacker runs their own commands on the device.

How can this vulnerability be triggered?

The vulnerability is triggered through the network, meaning an attacker would send specifically crafted requests to the printer's management interfaces. The bug generally requires the printer to be reachable over the network to process these requests. It is not triggered by standard, legitimate print jobs sent from authorized computers or typical office use.

Do I need to worry if my HP printer is internal?

While the vulnerability is network-based, Halo Surface Signal notes these printers are typically deployed on internal, protected networks rather than directly on the public internet. If your devices are isolated behind a firewall and restricted from external access, the likelihood of an outside attacker reaching the printer's management interface is significantly lower.

What should I do if I use these HP printers?

The first step is to check for and apply the latest firmware updates provided directly by the manufacturer for your specific printer model. Regularly updating firmware ensures that known security weaknesses are addressed. You should also ensure your printer is not directly exposed to the public internet and is only accessible from trusted devices on your private network.

References