CVE-2023-35175

Q: What is the severity of CVE-2023-35175?

CVE-2023-35175 has a CVSS score of 9.8 (CRITICAL). HP LaserJet Pro printers are vulnerable to Server-Side Request Forgery (SSRF) that could allow attackers to execute arbitrary code or gain elevated privileges remotely. This affects HP LaserJet Pro print products using the Web Service Eventing model. Attackers could potentially take full control of affected printers.

9.8 CRITICAL

Remote Code Execution SSRF

📋 TL;DR

HP LaserJet Pro printers are vulnerable to Server-Side Request Forgery (SSRF) that could allow attackers to execute arbitrary code or gain elevated privileges remotely. This affects HP LaserJet Pro print products using the Web Service Eventing model. Attackers could potentially take full control of affected printers.

💻 Affected Systems

Products:

HP LaserJet Pro print products

Versions: Specific versions not detailed in advisory; all versions using vulnerable Web Service Eventing model

Operating Systems: Printer firmware/embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects printers with Web Services enabled. Exact model list not specified in provided references.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full remote code execution leading to complete compromise of the printer, lateral movement to internal networks, and persistent backdoor installation.

🟠

Likely Case

Printer compromise allowing attackers to intercept print jobs, steal credentials, or use the printer as a foothold for internal network attacks.

🟢

If Mitigated

Limited impact if printers are isolated from critical networks and external access is restricted.

🌐 Internet-Facing: HIGH - Printers exposed to the internet are directly exploitable without authentication.

🏢 Internal Only: MEDIUM - Requires attacker to have internal network access, but exploitation is still possible.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SSRF vulnerabilities typically have low exploitation complexity. No authentication required based on CVSS score of 9.8.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates available - check HP advisory for specific versions

Vendor Advisory: https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851

Restart Required: Yes

Instructions:

1. Visit HP support site 2. Enter printer model 3. Download latest firmware 4. Install via printer web interface or USB 5. Reboot printer

🔧 Temporary Workarounds

Disable Web Services

all

Turn off Web Services functionality to prevent SSRF exploitation

Access printer web interface > Network > Web Services > Disable

Network Segmentation

all

Isolate printers from critical networks and internet access

Configure firewall rules to restrict printer network access

🧯 If You Can't Patch

Segment printers on isolated VLAN with no internet access
Disable all unnecessary network services on printers

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version against HP advisory. If Web Services are enabled and firmware is outdated, assume vulnerable.

Check Version:

Access printer web interface > Settings > Device Information > Firmware Version

Verify Fix Applied:

Verify firmware version matches patched version in HP advisory and test Web Services functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to internal resources from printer IP
Unexpected firmware update attempts
SSH/Telnet connections from printer

Network Indicators:

Printer making outbound requests to unusual internal IPs/ports
Unexpected traffic from printer to command-and-control servers

SIEM Query:

source_ip=printer_ip AND (http_method=POST OR http_method=GET) AND dest_port!=80,443

📊 Metadata

CVE ID: CVE-2023-35175

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-918

Published: June 30, 2023

Last Updated: November 21, 2024

🔗 References

https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851 Vendor Advisory
https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Laserjet Pro M304 M305 W1a46a Firmware by Hp

Laserjet Pro M304 M305 W1a47a Firmware by Hp

Laserjet Pro M304 M305 W1a48a Firmware by Hp

Laserjet Pro M304 M305 W1a66a Firmware by Hp

Laserjet Pro M404 M405 93m22a Firmware by Hp

Laserjet Pro M404 M405 W1a51a Firmware by Hp

Laserjet Pro M404 M405 W1a52a Firmware by Hp

Laserjet Pro M404 M405 W1a53a Firmware by Hp

Laserjet Pro M404 M405 W1a56a Firmware by Hp

Laserjet Pro M404 M405 W1a57a Firmware by Hp

Laserjet Pro M404 M405 W1a58a Firmware by Hp

Laserjet Pro M404 M405 W1a59a Firmware by Hp

Laserjet Pro M404 M405 W1a60a Firmware by Hp

Laserjet Pro M404 M405 W1a63a Firmware by Hp

Laserjet Pro M453 M454 W1y40a Firmware by Hp

Laserjet Pro M453 M454 W1y41a Firmware by Hp

Laserjet Pro M453 M454 W1y43a Firmware by Hp

Laserjet Pro M453 M454 W1y44a Firmware by Hp

Laserjet Pro M453 M454 W1y45a Firmware by Hp

Laserjet Pro M453 M454 W1y46a Firmware by Hp

Laserjet Pro M453 M454 W1y47a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a29a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a30a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a32a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a34a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a35a Firmware by Hp

Laserjet Pro Mfp M428 M429 F W1a38a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a28a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a31a Firmware by Hp

Laserjet Pro Mfp M428 M429 W1a33a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a75a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a76a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a77a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a78a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a79a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a80a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a81a Firmware by Hp

Laserjet Pro Mfp M478 M479 W1a82a Firmware by Hp