Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
schneierBruce SchneierSCHNEIER:1ACB6433F1A35859B4C855FEA7397F47
HistoryJul 22, 2021 - 3:41 p.m.

Nasty Windows Printer Driver Vulnerability

2021-07-2215:41:58
Bruce Schneier
www.schneier.com
47

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

From SentinelLabs, a critical vulnerability in HP printer drivers:

> Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.
>
> If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
>
> The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

Look for your printer here, and download the patch if there is one.

Related

attackerkb 1
threatpost 1
thn 1
hp 1
githubexploit 2
nessus 1
prion 1
trellix 2
cve 1
malwarebytes 1
attackerkb
attackerkb
CVE-2021-3438
2021-05-20 00:00:00
threatpost
threatpost
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
2021-07-20 13:31:50
thn
thn
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
2021-07-20 11:35:00
hp
hp
Certain HP LaserJet products and Samsung product print driver software - Escalation of privilege
2021-05-19 00:00:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Hp Color Laser 150 4Zb94A
2021-07-28 09:36:42
Exploit for Classic Buffer Overflow in Samsung Proxpress Sl-C3010 Ss210J
2021-07-27 06:05:08
nessus
nessus
HP, Samsung, and Xerox Printer Driver Privilege Escalation (CVE-2021-3438)
2021-07-30 00:00:00
prion
prion
Buffer overflow
2021-05-20 14:15:00
trellix
trellix
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
2023-01-24 00:00:00
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
2023-01-24 00:00:00
cve
cve
CVE-2021-3438
2021-05-20 14:15:00
malwarebytes
malwarebytes
Millions of Windows machines affected by ancient printer vulnerability
2021-07-22 12:24:32

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for SCHNEIER:1ACB6433F1A35859B4C855FEA7397F47
attackerkb1threatpost1thn1hp1githubexploit2nessus1prion1trellix2cve1malwarebytes1