CVE-2021-3705

9.8 CRITICAL

📋 TL;DR

CVE-2021-3705 is a critical vulnerability in certain HP LaserJet Pro printers that allows unauthorized attackers to reconfigure or factory reset devices without authentication. This affects HP LaserJet Pro printers with specific firmware versions. Attackers can exploit this vulnerability over the network to gain control of affected printers.

💻 Affected Systems

Products:
  • HP LaserJet Pro printers
Versions: Specific firmware versions as detailed in HP advisory HPSBPI03741
Operating Systems: Printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific HP LaserJet Pro models with vulnerable firmware versions. Check HP advisory for exact model numbers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of printer functionality, including device reconfiguration, data exposure from print jobs, and potential use as an internal network pivot point.

🟠 Likely Case

Unauthorized factory resets disrupting printer operations, configuration changes causing service interruptions, and potential exposure of sensitive printed documents.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized network access to printer management interfaces.

🌐 Internet-Facing: HIGH - Printers exposed to the internet can be directly attacked without any authentication required.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can exploit this vulnerability to disrupt printing services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the printer but no authentication, making it relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates as specified in HP Security Bulletin HPSBPI03741

Vendor Advisory: https://support.hp.com/us-en/document/ish_4411563-4411589-16/hpsbpi03741

Restart Required: Yes

Instructions:

1. Visit HP support site and download latest firmware for your printer model.
2. Upload firmware to printer via web interface or network management tools.
3. Apply update and restart printer as prompted.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate printers on separate VLANs with strict firewall rules limiting access to management interfaces.

Disable Unnecessary Services

all

Disable remote management features not required for operations.

🧯 If You Can't Patch

  • Implement strict network access controls to limit printer management interface access to authorized administrators only.
  • Monitor printer logs for unauthorized configuration changes or factory reset events.

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface or management console and compare against HP's vulnerable versions list.

Check Version:

Access printer web interface at http://[printer-ip] and navigate to Information or Settings page to view firmware version.

Verify Fix Applied:

Verify firmware version has been updated to non-vulnerable version specified in HP advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected factory reset events
  • Configuration changes from unauthorized IP addresses
  • Failed authentication attempts on management interface

Network Indicators:

  • Unusual HTTP/HTTPS traffic to printer management ports (typically 80, 443, 9100)
  • Configuration requests from non-admin IP addresses

SIEM Query:

source="printer_logs" AND (event="factory_reset" OR event="config_change") AND user="unknown"
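
The log indicators and SIEM query above, worked as an added example (not part of the original advisory or any HP tooling): it flags factory reset and configuration change events that are unauthenticated or come from outside an administrator subnet. The key=value log format, the `printer` and `src` field names, the `ADMIN_NETS` allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: management subnets allowed to administer printers (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]
WATCHED_EVENTS = {"factory_reset", "config_change"}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines in an assumed key=value export format.
SAMPLE_LOGS = """\
2021-11-02T08:14:03Z printer=lj-floor2 event="config_change" user="admin" src=10.20.0.5
2021-11-02T09:40:17Z printer=lj-floor2 event="print_job" user="jdoe" src=10.30.4.18
2021-11-02T23:51:44Z printer=lj-floor2 event="config_change" user="unknown" src=10.30.4.77
2021-11-02T23:52:10Z printer=lj-floor2 event="factory_reset" user="unknown" src=10.30.4.77
2021-11-03T07:02:31Z printer=lj-lobby event="factory_reset" user="admin" src=not-an-ip
"""

def parse_line(line):
    """Split one log line into a timestamp plus a dict of key=value fields."""
    ts, _, rest = line.strip().partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["ts"] = ts
    return fields

def is_admin_source(src):
    """True only if src parses as an IP inside an allowed management subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # missing or malformed source is treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_alerts(log_text):
    """Return watched events that are unauthenticated or from outside ADMIN_NETS."""
    alerts = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("event") not in WATCHED_EVENTS:
            continue
        reasons = []
        if f.get("user", "unknown") == "unknown":
            reasons.append("unauthenticated")
        if not is_admin_source(f.get("src", "")):
            reasons.append("non-admin source")
        if reasons:
            alerts.append((f["ts"], f.get("printer"), f["event"], reasons))
    return alerts

if __name__ == "__main__":
    print(*find_alerts(SAMPLE_LOGS), sep="\n")
```

Checking the source address as well as the user field catches the last sample line, which a query on user="unknown" alone would miss.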
