Patch/Configuration Management, Vulnerability Management

HP warns of new printer flaw

Hewlett-Packard (HP) warned customers this week of a recently discovered vulnerability in two of its printer models that makes personal information accessible to hackers.

HP released a bulletin on Sunday saying the flaw exists in its Color LaserJet 2500 Toolbox for Microsoft Windows and Color LaserJet 4600 Toolbox on Windows.

The flaw opens up personal information to hackers when the printer's Toolbox feature is in its default configuration, according to the HP advisory.

The company has made a fix available through its HP Color LaserJet 2500/4600 Software Update version 3.1.

The flaw is caused by an input validation error in the built-in HTTP server, according to vulnerability monitoring firm Secunia.

Palo Alto, Calif.,-based HP said it was alerted to the flaw by Richard Horsman, a researcher at U.K.-based Sec-1.

Ron O'Brien, senior security analyst at Sophos, said the alert should be a reminder to PC users that flaws occur throughout a system.

"In an interconnected world, vulnerabilities are not confined to browsers and operating systems, and HP's warning serves as a reminder to protect against all means by which hackers might access personal information," he said. "Staying informed of the latest security issues and keeping security products up to date is essential to protecting digital privacy."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.