Printer vulnerabilities - is it necessary?

Are you disabling your printer protocols nowadays that you don't use? if not, Nessus scans are saying you should.

Apparently, back in Feb 2017 some teenager decided to wake up the security community about how we simply ignore these security settings in our printers. READ

I am having to disable a ton of printer protocols due to vulnerabilities scans recently & OH BOY it's SO fun! <insert sarcasm>

Just curious if you are doing this OR not...OR if you are going to start doing this on your network?

CHEERS & HI5!

Find more posts tagged with

Comments

Phalanx

Interesting. Thanks for this, I'll have to read this at work tomorrow and check it out.

cyberguypr

This is totally unnecessary. Printers do not get attacked, same thing with IoT... oh wait...

Ertaz

Sore subject here. Great place to lose PCI account data. https://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution

stryder144

Here is HP's take on things.

PC509

It's a policy of ours for a long time. Only the necessary services run on brings. Every printer goes through our check sheet.

YFZblu

Sure - but start by not having printers on the internet. Yeesh.

scaredoftests

well maybe some network printers or scanners...

rob42

There's quite an interesting post at https://www.tenable.com/blog called "Rooting a Printer: From Security Bulletin to Remote Code Execution", by Jacob Baines.

JasminLandry

About this blog post, I find it crazy that netcat is installed on there. Why the hell would that tool be installed on a printer?

rob42

JasminLandry wrote: »

About this blog post, I find it crazy that netcat is installed on there. Why the hell would that tool be installed on a printer?

Yes, you see it too!

All I can think is that a linux disto was used 'as is'; someting like the mini.iso, for instance. As it's a linux os, it comes with 'nc'. Just lazy I guess...

mbarrett

JasminLandry wrote: »

About this blog post, I find it crazy that netcat is installed on there. Why the hell would that tool be installed on a printer?

I think this is related to the main concern - someone could use the printer as a pivot for other attacks or scans. Regarding the printer itself, some of the larger ones do have a hard drive, etc. that might hold copies of past print/scan/copy jobs.

SteveLavoie

I think this is related to the main concern - someone could use the printer as a pivot for other attacks or scans. Regarding the printer itself, some of the larger ones do have a hard drive, etc. that might hold copies of past print/scan/copy jobs.

It is something I had always test in a pen test. In SMB, I frequently find network printer with default password, and sometime I found sensitive documents on their hard drive... Payroll, password list etc..

Once, I found a real treasure trove, I found that one employee was stealing information, as he was printing very sensitive document the week before leaving his job. Printer are real snitches