Pulse

By GCN Staff

Some Samsung, Dell printers vulnerable to remote attackers

Some Samsung printers, and some Dell printers made by Samsung, have a firmware flaw that could give unauthenticated users access to sensitive information on the devices, according to a notice released this week by the U.S. Computer Emergency Response Team.

US-CERT said the printers, which are popular in government, contain a hardcoded Simple Network Management Protocol (SNMP) full read-write community string that could give an unauthenticated user access to information on the device, “even when the protocol is disabled in the printer management utility.” SNMP is used to monitor the status of remote devices.

An attacker with administrative read/write privileges could therefore access information, make changes to the device configuration and even have “the ability to leverage further attacks through arbitrary code execution,” according to US-CERT.

Samsung and Dell said models released after Oct. 31, 2012, are not affected by the vulnerability. Samsung added that it is “committed to releasing updated firmware for all current models by Nov. 30, with all other models receiving an update by the end of the year.”

In the meantime, CERT said blocking the custom SNMP trap port of 1118/udp could help lower the risks posed by the backdoor. It also recommended that network administrators allow connections only from trusted hosts and networks.

“Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location,” it said.
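One way to check whether that restriction is actually holding, as an added example that is not part of the original post or of the CERT notice: the script below scans flow records for SNMP traffic reaching printers from outside the trusted networks. The record format, the printer addresses and the trusted network are all constructed assumptions; 161/udp is the standard SNMP port and 1118/udp is the port named above.

```python
import ipaddress

# 1118/udp is the custom SNMP trap port named in the CERT advice;
# 161/udp is the standard SNMP agent port.
SNMP_PORTS = {161, 1118}

# Assumption: the only network allowed to speak SNMP to printers.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: addresses of the affected printers on this network.
PRINTERS = {ipaddress.ip_address("10.30.5.11"),
            ipaddress.ip_address("10.30.5.12")}

# Constructed flow records in a hypothetical "src dst proto dport" format.
SAMPLE_FLOWS = """\
10.20.0.15 10.30.5.11 udp 161
10.40.7.9 10.30.5.11 udp 1118
192.0.2.44 10.30.5.12 udp 161
10.40.7.9 10.30.5.12 tcp 9100
10.20.0.15 10.30.5.12 udp 1118
malformed line
"""

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_snmp_flows(text):
    """Return (src, dst, dport) for SNMP flows to a printer from untrusted sources."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the expected format
        src_s, dst_s, proto, dport_s = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            dport = int(dport_s)
        except ValueError:
            continue
        if (proto.lower() == "udp" and dport in SNMP_PORTS
                and dst in PRINTERS and not is_trusted(src)):
            hits.append((src_s, dst_s, dport))
    return hits

if __name__ == "__main__":
    for hit in untrusted_snmp_flows(SAMPLE_FLOWS):
        print("untrusted SNMP flow:", hit)
```

Any hit means a filtering rule is missing or misplaced, since the hardcoded string works regardless of the printer's own SNMP setting.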

Posted by Paul McCloskey on Nov 29, 2012 at 9:39 AM
