In universal drivers for the HP (HP Universal Print Driver), PCL 6 and PostScript are found critical vulnerabilities that can allow attackers to implement and execute a malicious code, the manufacturer is said. The company has already released updates that cover these holes and recommends installing them immediately.
Image source: HP
Safety problems are associated with third -party components used in drivers. The list of vulnerabilities with the status of critical and have high risk consists of:
- CVE-2017-12652 (execution of arbitrary code);
- CVE-2022-2068 (execution of arbitrary code);
- CVE-2023-45853 (information disclosure);
- CVE-2020-14152 (service refusal).
Universal HP print drivers are supported by thousands of different printer models and are therefore widely used. Independently check whether your printer is affected by the above vulnerabilities, you can use this list of printers from HP.
All versions of the HP universal drivers for printers, excluding the current version 7.3.0.25919, are affected by critical vulnerabilities and should be updated. Recent versions of drivers are available on the page loading page of the HP site.
All old versions of HP drivers in the system should manually be removed after installing a new version, since they are not removed automatically. Administrators are recommended to check twice that the system uses only the latest drivers, and all files of old drivers are deleted.