Hackers Might Gain Admin Rights Through a 16-Year-Old Vulnerability
Printer Driver Bug in Samsung, Xerox and HP Devices Could Lead to Local Elevation of Privileges.
SentinelLabs has released a new report on the discovery of CVE-2021-3438, a 16-year-old vulnerability in printer drivers belonging to HP, Samsung, and Xerox. It has been present in those drivers since 2005, and the researchers have found that the real threat is that this bug could let hackers gain local system privileges.
16-Year-Old Vulnerability: How Hackers Could Exploit It
As mentioned, the 16-year-old vulnerability is tracked as CVE-2021-3438 and has a CVSS (Common Vulnerability Scoring System) score of 8.8.
It is found in the SSPORT.SYS driver and, per Bleeping Computer's explanation, has the following characteristics:
- The vulnerable driver is installed automatically alongside the printer software, so the user will not be aware of the installation.
- Windows loads the driver after each reboot.
- The real threat is that hackers can exploit it even when the printer is not connected to the targeted device.
- Threat actors can perform cyberattacks by escalating privileges.
- Hackers only need basic user access to achieve system privileges. This leads to running code in kernel mode and deploying the compressed payload in spite of security programs.
- The consequences are modification, encryption, and deletion of data, and installation of programs.
HP and Xerox Take Measures on the 16-Year-Old Vulnerability
This newly discovered 16-year-old vulnerability, a buffer overflow, affects millions of users and devices around the world.
Thus, HP released a security advisory and Xerox a mini bulletin. These documents list the specific affected products and the patches the companies provided for each of them, which should be applied as soon as possible.
Among the affected HP and Samsung devices are the HP Color Laser 150 Series, HP Laser 408 Printer Series, HP Laser MFP 432 Series, Samsung CLP-360 Color Laser Printer Series, Samsung CLP-365 Color Laser Printer Series, and others; the complete list is in the released advisory.
This high severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects millions of devices and likely millions of users worldwide. Similar to previous vulnerabilities we have disclosed that remained hidden for 12 years (1, 2), the impact this could have on users and enterprises that fail to patch is far-reaching and significant.
The SentinelLabs researchers said that for now there are no signs of the vulnerability being exploited by threat actors. However, users are advised to take immediate measures, check whether their printer is affected, and install the patches recommended above.
Some Windows machines may already have this driver without even running a dedicated installation file since this driver comes with Microsoft Windows via Windows Update.
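Because the driver can be present without anyone having installed printer software, checking the printer model alone is not enough. The read-only PowerShell inventory below is an added example, not code from SentinelLabs or the vendors. It looks for SSPORT.SYS on disk and among registered kernel driver services. The search paths are assumed to be the standard Windows driver locations, and since this article gives no fixed version number, the reported version has to be compared with the vendor advisory.

```powershell
# Added example: inventory check for the SSPORT.SYS driver named in the article.
# Read-only. It reports presence and metadata; it does not decide "vulnerable",
# because the fixed version is not stated on this page.
$driverName = 'SSPORT.SYS'

# Assumption: standard driver locations on a default Windows install.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

# Copies on disk, including staged packages that are not currently loaded.
$files = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue
    }
}

# Kernel driver services whose image path points at the driver.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" }

if (-not $files -and -not $services) {
    Write-Output "$driverName not found on $env:COMPUTERNAME"
}
else {
    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Path        = $f.FullName
            FileVersion = $f.VersionInfo.FileVersion   # compare with the vendor advisory
            LastWrite   = $f.LastWriteTimeUtc
            Signer      = $sig.SignerCertificate.Subject
            SigStatus   = $sig.Status
        }
    }
    foreach ($s in $services) {
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Service   = $s.Name
            State     = $s.State       # Running means the driver is loaded now
            StartMode = $s.StartMode   # Boot/System/Auto means it loads after reboot
            Path      = $s.PathName
        }
    }
}
```

A hit with a running or auto-start service matches the article's description of a driver that loads after every reboot; a hit only under the driver store means the package is staged but not currently loaded.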