HP has issued a warning (opens in new tab) to enterprise prospects utilizing sure LaserJet printer fashions that they need to stay vigilant and take steps to deal with a vulnerability that might see undesirable data disclosure happen.
CVE-2023-1707 was awarded a rating of 9.1 making it of important severity. Its description reads: “Sure HP Enterprise LaserJet and HP LaserJet Managed Printers are probably susceptible to data disclosure when IPsec is enabled with FutureSmart model 5.6.”
The {hardware} and infrastructure big has introduced plans to situation a firmware replace inside 90 days, advising prospects to downgrade firmware within the meantime to stop undesirable assaults.
HP LaserJet printer vulnerability
The corporate confirmed that affected prospects are working FutureSmart 5.6, software program designed to allow printer configuration from the management panel or a devoted internet web page. Affected customers will even have IPsec enabled.
A full checklist of the affected HP Enterprise LaserJet and HP LaserJet Managed Printers fashions might be discovered on the safety discover (opens in new tab), which suggests a brief downgrade to model 5.5.0.3 of the firmware for a interval of as much as three months whereas HP works on a repair.
With laser printing coming underneath scrutiny for its environmental impacts, similar to excessive power utilization, dissatisfied prospects unwilling to attend 90 days could also be tempted to think about new {hardware}.
The corporate just lately introduced new Colour LaserJet printers that promise to scale back power consumption by as much as 27%. ITDMs much less loyal to HP particularly might also wish to take into account transferring to rival manufacturers like Epson, which earlier this yr introduced new inkjet printers that use 1 / 4 of a typical laser printer’s power whereas matching printing speeds.
Regardless, producer safety recommendation ought to all the time be adhered to, and a firmware downgrade is a should for any enterprise that values safety forward of a patch.