CVE-2024-0794
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected HP printers by sending specially crafted PDF files containing malicious fonts. Attackers could gain full control of the printer, potentially accessing network resources or using the printer as a foothold for further attacks. Organizations using HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed printers are affected.
💻 Affected Systems
- HP LaserJet Pro
- HP Enterprise LaserJet
- HP LaserJet Managed Printers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full printer compromise leading to persistent attacker access, lateral movement to internal networks, data exfiltration, and potential ransomware deployment across connected systems.
Likely Case
Printer takeover enabling unauthorized printing, configuration changes, credential harvesting from print jobs, and denial of service through printer disruption.
If Mitigated
Limited impact with network segmentation preventing lateral movement, though printer functionality could still be disrupted.
🎯 Exploit Status
Exploitation requires sending a malicious PDF to the printer, which could be done through normal print jobs or direct network communication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates specified in HP advisories
Vendor Advisory: https://support.hp.com/us-en/document/ish_10174031-10174074-16/
Restart Required: Yes
Instructions:
1. Identify affected printer models. 2. Visit HP support site. 3. Download latest firmware for your specific model. 4. Apply firmware update through printer web interface or HP tools. 5. Verify update completion and restart printer.
🔧 Temporary Workarounds
Network Segmentation
allIsolate printers on separate VLANs with strict firewall rules to prevent direct internet access and limit lateral movement.
Disable PDF Printing
allConfigure printers to reject PDF files or convert them to other formats before processing.
🧯 If You Can't Patch
- Segment printers from critical networks and implement strict access controls
- Monitor printer network traffic for suspicious PDF submissions and implement print job auditing
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version against HP advisory lists for affected versions.Check Version:
Access printer web interface > Settings > System Information > Firmware VersionVerify Fix Applied:
Confirm firmware version matches or exceeds patched versions listed in HP advisories.📡 Detection & Monitoring
Log Indicators:
- Unusual print job submissions, firmware modification attempts, unexpected printer reboots
Network Indicators:
- Large PDF files sent to printers, suspicious network connections from printer IPs
SIEM Query:
source="printer_logs" AND (event="firmware_change" OR event="unexpected_reboot" OR file_type="pdf" AND size>threshold)