CVE-2022-24291

Q: What is the severity of CVE-2022-24291?

CVE-2022-24291 has a CVSS score of 7.5 (HIGH). This vulnerability in certain HP Print devices could allow attackers to access sensitive information, disrupt printing services, or potentially execute malicious code remotely. It affects HP printers with specific firmware versions that are exposed to network access.

7.5 HIGH

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability in certain HP Print devices could allow attackers to access sensitive information, disrupt printing services, or potentially execute malicious code remotely. It affects HP printers with specific firmware versions that are exposed to network access.

💻 Affected Systems

Products:

HP LaserJet Pro printers
HP Color LaserJet Pro printers
HP PageWide Pro printers

Versions: Firmware versions prior to 2022.04.21

Operating Systems: Embedded printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects printers with web management interface enabled and network connectivity.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Information disclosure exposing sensitive printer data and configuration details, potentially enabling further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH - Printers directly exposed to the internet are highly vulnerable to exploitation attempts.

🏢 Internal Only: MEDIUM - Internal network exposure still presents risk from compromised internal hosts or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Based on CVSS score and description, exploitation appears straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 2022.04.21 or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_5950417-5950443-16

Restart Required: Yes

Instructions:

1. Access printer web interface. 2. Navigate to firmware update section. 3. Download latest firmware from HP support site. 4. Upload and install firmware update. 5. Reboot printer after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate printers on separate VLAN with restricted access

Disable Web Interface

all

Turn off printer web management interface if not required

🧯 If You Can't Patch

Implement strict network access controls to limit printer exposure
Monitor printer network traffic for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface or control panel. Compare against vulnerable versions.

Check Version:

Access printer web interface at http://[printer-ip] and navigate to Information or Settings page

Verify Fix Applied:

Confirm firmware version is 2022.04.21 or later and test web interface functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual web interface access patterns
Multiple failed authentication attempts
Unexpected firmware modification attempts

Network Indicators:

Unusual traffic to printer web ports (80/443)
Suspicious HTTP requests to printer management endpoints

SIEM Query:

source="printer_logs" AND (event="web_access" OR event="auth_failure") | stats count by src_ip

📊 Metadata

CVE ID: CVE-2022-24291

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: March 23, 2022

Last Updated: November 21, 2024

🔗 References

https://support.hp.com/us-en/document/ish_5950417-5950443-16 Vendor Advisory
https://support.hp.com/us-en/document/ish_5950417-5950443-16 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Laserjet Pro M304 M305 W1a46a Firmware by Hp

Laserjet Pro M304 M305 W1a47a Firmware by Hp

Laserjet Pro M304 M305 W1a47a Firmware by Hp

Laserjet Pro M304 M305 W1a48a Firmware by Hp

Laserjet Pro M304 M305 W1a51a Firmware by Hp

Laserjet Pro M304 M305 W1a52a Firmware by Hp

Laserjet Pro M304 M305 W1a53a Firmware by Hp

Laserjet Pro M304 M305 W1a56a Firmware by Hp

Laserjet Pro M304 M305 W1a57a Firmware by Hp

Laserjet Pro M304 M305 W1a58a Firmware by Hp

Laserjet Pro M304 M305 W1a59a Firmware by Hp

Laserjet Pro M304 M305 W1a60a Firmware by Hp

Laserjet Pro M304 M305 W1a63a Firmware by Hp

Laserjet Pro M304 M305 W1a66a Firmware by Hp

Laserjet Pro M404 M405 93m22a Firmware by Hp

Laserjet Pro M453 M454 W1y40a Firmware by Hp

Laserjet Pro M453 M454 W1y41a Firmware by Hp

Laserjet Pro M453 M454 W1y43a Firmware by Hp

Laserjet Pro M453 M454 W1y44a Firmware by Hp

Laserjet Pro M453 M454 W1y45a Firmware by Hp

Laserjet Pro M453 M454 W1y46a Firmware by Hp

Laserjet Pro M453 M454 W1y47a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a29a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a30a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a32a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a34a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a35a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a38a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a28a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a31a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a33a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a75a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a76a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a77a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a78a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a79a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a80a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a81a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a82a Firmware by Hp

Officejet Pro 8210 D9l63a Firmware by Hp

Officejet Pro 8210 D9l64a Firmware by Hp

Officejet Pro 8210 J3p65a Firmware by Hp

Officejet Pro 8210 J3p66a Firmware by Hp

Officejet Pro 8210 J3p67a Firmware by Hp

Officejet Pro 8210 J3p68a Firmware by Hp

Officejet Pro 8216 T0g70a Firmware by Hp

Officejet Pro 8730 D9l20a Firmware by Hp

Officejet Pro 8730 K7s32a Firmware by Hp

Officejet Pro 8740 D9l21a Firmware by Hp

Officejet Pro 8740 J6x83a Firmware by Hp

Officejet Pro 8740 K7s39a Firmware by Hp

Officejet Pro 8740 K7s40a Firmware by Hp

Officejet Pro 8740 K7s41a Firmware by Hp

Officejet Pro 8740 K7s42a Firmware by Hp

Officejet Pro 8740 K7s43a Firmware by Hp

Officejet Pro 8740 T0g65a Firmware by Hp

Pagewide 352dw J6u57a Firmware by Hp

Pagewide 377dw J9v80a Firmware by Hp

Pagewide Managed P55250dw J6u51b Firmware by Hp

Pagewide Managed P55250dw J6u55a Firmware by Hp

Pagewide Managed P55250dw J6u55b Firmware by Hp

Pagewide Managed P57750dw J9v82a Firmware by Hp

Pagewide Pro 452dn D3q15a Firmware by Hp

Pagewide Pro 452dw D3q16a Firmware by Hp

Pagewide Pro 477dn D3q19a Firmware by Hp

Pagewide Pro 477dw D3q20a Firmware by Hp

Pagewide Pro 552dw D3q17a Firmware by Hp

Pagewide Pro 577dw D3q21a Firmware by Hp

Pagewide Pro 577z K9z76a Firmware by Hp