Hewlett Packard Inc. has announced firmware updates for their different ink printers to state a couple of serious flaws that can be activity for isolated code execution.
According to the Hewlett Packard Product Security Response Team, the Inkjet printers of the company are distressed by vulnerabilities that permit a hacker to generate a heap or fix buffer excess and perform random code by sending a particularly fashioned file to a marked device.
The flaws are chased as CVE-2018-5924 and CVE-2018-5925, and they both have been allotted a CVSS score of 9.8.
Hewlett Packard has collected a list of unevenly 160 influenced products, containing PageWide, DesignJet, Officejet, Deskjet, Envy and Photosmart devices. The firmware updates for each influenced product can be gained from website of the company.
It was not the first time ever any distant code execution vulnerability has been identified in Hewlett Packard printers. Researchers exposed different possibly critical flaws the previous year in some printers of HP enterprise, containing an RCE flaw moving LaserJet Enterprise, PageWide Enterprise, LaserJet Managed and OfficeJet Enterprise printers.
Hewlett Packard newly pronounced the launch of a private vulnerability bounty program that delivers up to $10,000 for critical flaws identified in the printers of the company. HP had invited thirty four researchers by the time the ingenuity was revealed. The program conceals HP LaserJet Firm printers and A3 and A4, along with the HP PageWide Enterprise printers and A3 and A4.