CVE-2021-3440

7.8 HIGH

📋 TL;DR

CVE-2021-3440 is a local privilege escalation vulnerability in HP Print and Scan Doctor, a component of the HP Smart App for Windows. It allows a local attacker with limited privileges to execute arbitrary code with SYSTEM-level permissions. This affects Windows users who have the vulnerable HP software installed.

💻 Affected Systems

Products:
  • HP Print and Scan Doctor
  • HP Smart App for Windows
Versions: prior to HP Print and Scan Doctor 5.6.0.2499
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the HP Print and Scan Doctor component, which is included with HP Smart App installations on Windows.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could gain full SYSTEM privileges, install malware, steal credentials, or compromise the entire system.

🟠 Likely Case

Malicious local users or malware with limited privileges could elevate to SYSTEM to persist, evade detection, or access protected resources.

🟢 If Mitigated

With proper user access controls and endpoint protection the risk is reduced, but the vulnerability still presents a significant local threat until the fixed version is installed.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access; not directly exploitable over the internet.
🏢 Internal Only: HIGH - Any compromised user account or malware on a vulnerable system could exploit this to gain full control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is considered low complexity once local execution is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HP Print and Scan Doctor version 5.6.0.2499 or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_4120228-4120263-16/hpsbpi03727

Restart Required: No

Instructions:

1. Open the HP Smart App.
2. Check for updates in Settings.
3. Update HP Print and Scan Doctor to version 5.6.0.2499 or later.
4. Alternatively, download the latest version from HP's official website.

🔧 Temporary Workarounds

Uninstall HP Print and Scan Doctor (Windows)

Remove the vulnerable component if the diagnostic tool is not needed; it can be reinstalled at the fixed version later.

Control Panel > Programs > Uninstall a program > Select 'HP Print and Scan Doctor' > Uninstall

🧯 If You Can't Patch

  • Restrict local user access to vulnerable systems to trusted users only.
  • Implement application whitelisting to prevent unauthorized execution of exploits.

🔍 How to Verify

Check if Vulnerable:

Check the version of HP Print and Scan Doctor via Control Panel > Programs > Programs and Features, or run (the where clause must be double-quoted because the product name contains spaces):

wmic product where "name='HP Print and Scan Doctor'" get version

Caveat: wmic product only lists MSI-installed packages, triggers a consistency check of every installed MSI package (slow, and it logs MsiInstaller reconfiguration events), and the wmic utility is deprecated on current Windows builds. Reading the Uninstall registry keys that Programs and Features displays is faster and also covers non-MSI installers.

Verify Fix Applied:

Confirm the HP Print and Scan Doctor version is 5.6.0.2499 or higher using the same method. Compare versions numerically, component by component: a string comparison would rank 5.10.x below 5.6.x.
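The check below is an added example, not part of the HP advisory or of HP's tooling. It reads the Uninstall registry keys that Programs and Features displays (machine-wide 64-bit and WOW6432Node keys plus per-user installs) and compares the installed build against 5.6.0.2499 with PowerShell's [version] type, so the comparison is numeric rather than lexical. It assumes the uninstall entry's DisplayName begins with "HP Print and Scan Doctor"; adjust the pattern if your installation registers a different name.

```powershell
# Added example (not from the HP advisory): read the Uninstall registry keys that
# Programs and Features itself displays, and compare the installed HP Print and
# Scan Doctor build against the fixed version with a real version comparison.
# Assumption: the uninstall entry's DisplayName begins with "HP Print and Scan Doctor";
# adjust the -like pattern if your installation registers a different name.
$FixedVersion  = [version]'5.6.0.2499'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'   # per-user installs
)

function Get-HpPsdStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'HP Print and Scan Doctor*' }

    if (-not $entries) {
        return [pscustomobject]@{ Installed = $false; Name = $null; Version = $null; Vulnerable = $false }
    }

    foreach ($e in $entries) {
        # [version] compares component by component, so 5.10.0.1 ranks above
        # 5.6.0.2499; a plain string comparison would get that backwards.
        $parsed = $null
        $ok = [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)
        # $null means the DisplayVersion could not be parsed: inspect that entry by hand.
        $vulnerable = if ($ok) { $parsed -lt $FixedVersion } else { $null }

        [pscustomobject]@{
            Installed  = $true
            Name       = $e.DisplayName
            Version    = $e.DisplayVersion
            Vulnerable = $vulnerable
        }
    }
}

Get-HpPsdStatus | Format-Table -AutoSize
```

Run it in an elevated PowerShell session when checking other users' per-user installs; the HKCU path only sees the current user's hive. A Vulnerable value of True means the installed build is older than 5.6.0.2499.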

📡 Detection & Monitoring

Log Indicators:

  • Process creation with SYSTEM privileges whose parent is an HP Print and Scan Doctor binary, or that follows an unprivileged user's interaction with the tool
  • Modifications to HP Print and Scan Doctor files or registry keys by non-administrative accounts

Network Indicators:

  • Not applicable; this is a local exploit with no network activity

SIEM Query:

Pseudo-query using the field names that Windows Security event 4688 actually carries (ParentProcessName is present on Windows 10 / Server 2016 and later; MandatoryLabel S-1-16-16384 is the System integrity label, S-1-16-12288 is High):

EventID=4688 AND ParentProcessName contains '\HP' AND (SubjectUserName='SYSTEM' OR MandatoryLabel='S-1-16-16384') AND NewProcessName in ('cmd.exe', 'powershell.exe', 'rundll32.exe', 'regsvr32.exe')

Baseline before alerting: HP's own updater or service may legitimately spawn SYSTEM children, so alert on the child image (and command line, if command-line auditing is enabled) rather than on the parent alone.
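The following is an added example, not part of the advisory, that applies the detection idea above to 4688-shaped records. The field names (SubjectUserName, NewProcessName, ParentProcessName, MandatoryLabel) are the real 4688 EventData names; the HP path pattern, the list of shell-like child images, the placeholder binary name HPPrintScanDoctor.exe and the sample records are all assumptions constructed for the example, with one record of the suspicious shape among benign ones.

```powershell
# Added example, not from the HP advisory: flag shell-like children that an HP
# binary created with SYSTEM privileges, using the field names Security event
# 4688 carries. ParentProcessName exists on Windows 10 / Server 2016 and later.
# The HP path pattern, the child list and the sample records are assumptions.
$SystemLabel   = 'S-1-16-16384'   # integrity label SID for System; S-1-16-12288 is High
$ShellChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'rundll32.exe',
                   'regsvr32.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe')

function Test-SuspiciousHpChild {
    # Returns $true when a parent under an HP path created a shell-like child
    # running as SYSTEM (by account or by integrity label): the shape of a
    # local privilege escalation through the HP component.
    param([Parameter(Mandatory)] $Record)

    $parentIsHp = $Record.ParentProcessName -like '*\HP*'
    $childLeaf  = [System.IO.Path]::GetFileName($Record.NewProcessName)
    $isShell    = $ShellChildren -contains $childLeaf      # -contains is case-insensitive
    $isSystem   = ($Record.SubjectUserName -eq 'SYSTEM') -or ($Record.MandatoryLabel -eq $SystemLabel)

    return ($parentIsHp -and $isShell -and $isSystem)
}

# Constructed sample records in the shape of 4688 EventData (not real logs).
# 'HPPrintScanDoctor.exe' is a placeholder binary name, not HP's actual image name.
$Sample = @(
    [pscustomobject]@{ SubjectUserName = 'alice';  NewProcessName = 'C:\Program Files\HP\HPPrintScanDoctor.exe'; ParentProcessName = 'C:\Windows\explorer.exe';                    MandatoryLabel = 'S-1-16-8192'  }
    [pscustomobject]@{ SubjectUserName = 'SYSTEM'; NewProcessName = 'C:\Windows\System32\cmd.exe';                ParentProcessName = 'C:\Program Files\HP\HPPrintScanDoctor.exe'; MandatoryLabel = 'S-1-16-16384' }
    [pscustomobject]@{ SubjectUserName = 'bob';    NewProcessName = 'C:\Windows\System32\cmd.exe';                ParentProcessName = 'C:\Program Files\HP\HPPrintScanDoctor.exe'; MandatoryLabel = 'S-1-16-8192'  }
)

$Sample | Where-Object { Test-SuspiciousHpChild $_ } |
    Select-Object SubjectUserName, ParentProcessName, NewProcessName

# Against the live Security log, build the same records from each event's XML
# (each EventData <Data Name="..."> element becomes a property of that name):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | ForEach-Object {
#     $d = @{}
#     ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#     [pscustomobject]$d
# } | Where-Object { Test-SuspiciousHpChild $_ }
```

The third sample record (a non-SYSTEM user's cmd.exe under the HP parent) is deliberately not flagged: it is the noisy case the original High-integrity filter would have matched, and it is what an ordinary administrator using the tool looks like. Tune the child list to the interpreters you actually see spawned in your environment.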
