Hardware vendor Hewlett Packard is sounding the alarm over two vulnerabilities in some of its popular printers, urging customers to update their HP equipment as soon as possible.
“Two security vulnerabilities have been identified with certain HP Inkjet printers,” according to an advisory posted to the company’s Support forum last week. The flaws in question are labeled CVE-2018-5924 and CVE-2018-5925.
“A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution,” HP explains.
The company has provided firmware updates for the affected products, including PageWide Pro, DesignJet, OfficeJet, DeskJet and Envy printers.
“To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software,” HP instructs customers.
Complete instructions on how to apply the patches can be found here.
The disclosure comes after HP joined a bug bounty program that allows it to reward ethical hackers in exchange for finding and reporting vulnerabilities in its products.
Some 30% of Chief Information Security Officers (CISOs) are now considering signing up for a vulnerability disclosure / bug bounty program in the coming year, a Bugcrowd study has shown.