CVE-2023-5671
📋 TL;DR
CVE-2023-5671 is a privilege escalation vulnerability in HP Print and Scan Doctor for Windows that allows local attackers to gain elevated system privileges. This affects Windows users running vulnerable versions of the HP diagnostic software. Attackers must already have local access to exploit this vulnerability.
💻 Affected Systems
- HP Print and Scan Doctor
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access could gain SYSTEM-level privileges, enabling complete system compromise, installation of persistent malware, credential theft, and lateral movement across the network.
Likely Case
Local users or malware with initial foothold could elevate privileges to install additional payloads, bypass security controls, or maintain persistence on compromised systems.
If Mitigated
With proper patch management and least privilege principles, impact is limited to isolated systems where attackers already have local access.
🎯 Exploit Status
Requires local access to the system; typical privilege escalation vectors would be used once local access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest version available through HP support channels
Vendor Advisory: https://support.hp.com/us-en/document/ish_9502679-9502704-16
Restart Required: Yes
Instructions:
1. Visit HP support page for CVE-2023-5671.
2. Download the latest HP Print and Scan Doctor update.
3. Install the update following HP's instructions.
4. Restart the system to ensure changes take effect.
🔧 Temporary Workarounds
Uninstall HP Print and Scan Doctor
Windows: Remove the vulnerable software if not needed
Control Panel > Programs > Uninstall a program > Select HP Print and Scan Doctor > Uninstall
Restrict local access
Windows: Implement strict access controls to limit who can log into affected systems
🧯 If You Can't Patch
- Uninstall HP Print and Scan Doctor if not required for operations
- Implement application whitelisting to prevent unauthorized execution and monitor for suspicious privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the HP Print and Scan Doctor version in Control Panel > Programs and Features and compare it against HP's patched version.
Check Version:
wmic product where name="HP Print and Scan Doctor" get version
Verify Fix Applied:
Verify installed version matches or exceeds the patched version specified in HP's advisory
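An alternative to the wmic check above, as an added example that is not from HP or the original page: `wmic product` queries Win32_Product, which lists only MSI-installed packages and triggers an MSI consistency check on each one, so this script reads the uninstall registry keys instead. It assumes the product registers an uninstall entry whose DisplayName starts with "HP Print and Scan Doctor"; the patched version is not stated on this page and must be supplied from HP's advisory.

```powershell
# Added example: report installed HP Print and Scan Doctor versions without Win32_Product.
# -PatchedVersion is mandatory on purpose: the fixed version is not given on this page,
# so take it from HP's advisory.
param(
    [string]$NamePattern = 'HP Print and Scan Doctor*',   # assumed DisplayName prefix
    [Parameter(Mandatory)] [version]$PatchedVersion
)

# Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    # A missing entry is not proof of absence: a copy run without installation
    # leaves no uninstall key.
    Write-Output "No uninstall entry matching '$NamePattern' found."
    return
}

foreach ($entry in $found) {
    $parsed = $null
    $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)

    $status = if (-not $ok) {
        'UNKNOWN (version string could not be parsed)'
    } elseif ($parsed -lt $PatchedVersion) {
        'BELOW patched version'
    } else {
        'at or above patched version'
    }

    [pscustomobject]@{
        Name            = $entry.DisplayName
        Version         = $entry.DisplayVersion
        InstallLocation = $entry.InstallLocation
        Status          = $status
    }
}
```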
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events in Windows Security logs (Event ID 4672, 4688)
- Unusual process creation from HP Print and Scan Doctor components
Network Indicators:
- Not applicable - local privilege escalation
SIEM Query:
EventID=4672 OR EventID=4688 | where ProcessName contains "HP Print and Scan Doctor" OR ParentProcessName contains "HP Print and Scan Doctor"