CVE-2018-5924

Q: What is the severity of CVE-2018-5924?

CVE-2018-5924 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on affected HP Inkjet printers by sending a maliciously crafted file. The stack buffer overflow can be triggered without authentication, potentially giving attackers full control of the printer. Organizations using vulnerable HP Inkjet printer models are affected.

9.8 CRITICAL

Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected HP Inkjet printers by sending a maliciously crafted file. The stack buffer overflow can be triggered without authentication, potentially giving attackers full control of the printer. Organizations using vulnerable HP Inkjet printer models are affected.

💻 Affected Systems

Products:

HP Inkjet printers (specific models listed in HP advisory)

Versions: Various firmware versions prior to patched versions

Operating Systems: Printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects printers with fax functionality enabled. Check HP advisory for specific model numbers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of printer allowing attackers to install persistent malware, pivot to internal networks, intercept printed documents, or use printer as botnet node.

🟠

Likely Case

Printer becomes unresponsive or crashes, potentially disrupting printing operations. Attackers may use compromised printers for internal network reconnaissance.

🟢

If Mitigated

Isolated printers with proper network segmentation prevent lateral movement; patched systems remain unaffected.

🌐 Internet-Facing: HIGH - Printers exposed to internet can be directly attacked without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Check Point Research demonstrated exploitation via malicious fax transmission. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in HP Security Bulletin c06097712

Vendor Advisory: https://support.hp.com/us-en/document/c06097712

Restart Required: Yes

Instructions:

1. Visit HP support site. 2. Enter printer model. 3. Download latest firmware. 4. Install via printer web interface or USB. 5. Reboot printer.

🔧 Temporary Workarounds

Disable Fax Functionality

all

Turn off fax capabilities to prevent exploitation via malicious fax transmissions

Network Segmentation

all

Isolate printers on separate VLAN with restricted network access

🧯 If You Can't Patch

Disconnect printers from network or place behind firewall with strict inbound rules
Implement network monitoring for suspicious traffic to printer IPs

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version against HP advisory. Access printer web interface > Settings > System > Firmware.

Check Version:

Not applicable - check via printer web interface or control panel

Verify Fix Applied:

Confirm firmware version matches or exceeds patched version in HP advisory.

📡 Detection & Monitoring

Log Indicators:

Printer crash logs
Unusual fax transmission logs
Firmware update failures

Network Indicators:

Unexpected network traffic to printer ports
Fax protocol anomalies
Outbound connections from printer

SIEM Query:

source_ip=printer AND (event_type=crash OR protocol=fax)

📊 Metadata

CVE ID: CVE-2018-5924

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: August 13, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/105010 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1041415 Third Party Advisory,VDB Entry
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/ Third Party Advisory
https://support.hp.com/us-en/document/c06097712 Vendor Advisory
http://www.securityfocus.com/bid/105010 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1041415 Third Party Advisory,VDB Entry
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/ Third Party Advisory
https://support.hp.com/us-en/document/c06097712 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

1dt61a Firmware by Hp

1jl02a Firmware by Hp

1jl02b Firmware by Hp

1sh08 Firmware by Hp

2nd31a Firmware by Hp

3aw44a Firmware by Hp

3aw51a Firmware by Hp

3yz74a Firmware by Hp

4sc29a Firmware by Hp

4uj28b Firmware by Hp

A7f64a Firmware by Hp

A7f65a Firmware by Hp

A7f66a Firmware by Hp

A9j40a Firmware by Hp

A9j41 Firmware by Hp

A9t80a Firmware by Hp

A9t80b Firmware by Hp

A9t89a Firmware by Hp

A9u19a Firmware by Hp

A9u23 Firmware by Hp

A9u28b Firmware by Hp

B4l03 Firmware by Hp

B4l08a Firmware by Hp

B9s56a Firmware by Hp

B9s57c Firmware by Hp

B9s58a Firmware by Hp

B9s76 Firmware by Hp

C9s13a Firmware by Hp

Cm749a Firmware by Hp

Cm750a Firmware by Hp

Cn216a Firmware by Hp

Cn459a Firmware by Hp

Cn460a Firmware by Hp

Cn461a Firmware by Hp

Cn463a Firmware by Hp

Cn577a Firmware by Hp

Cn581a Firmware by Hp

Cn583a Firmware by Hp

Cn598a Firmware by Hp

Cq176 Firmware by Hp

Cq176a Firmware by Hp

Cq183a Firmware by Hp

Cq761a Firmware by Hp

Cq890a Firmware by Hp

Cq890ar Firmware by Hp

Cq890b Firmware by Hp

Cq890c Firmware by Hp

Cq890d Firmware by Hp

Cq890e Firmware by Hp

Cq891a Firmware by Hp

Cq891ar Firmware by Hp

Cq891b Firmware by Hp

Cq891c Firmware by Hp

Cq893a Firmware by Hp

Cq893ar Firmware by Hp

Cq893b Firmware by Hp

Cq893c Firmware by Hp

Cq893e Firmware by Hp

Cr768a Firmware by Hp

Cr769a Firmware by Hp

Cr771a Firmware by Hp

Cr7770a Firmware by Hp

Cv037a Firmware by Hp

Cv136a Firmware by Hp

Cx017a Firmware by Hp

Cx042 Firmware by Hp

Cz025a Firmware by Hp

Cz045a Firmware by Hp

Cz152a Firmware by Hp

Cz276a Firmware by Hp

Cz282a Firmware by Hp

Cz283a Firmware by Hp

Cz284a Firmware by Hp

Cz292a Firmware by Hp

Cz293a Firmware by Hp

Cz294a Firmware by Hp

Cz992a Firmware by Hp