Security researchers have discovered an HP printer driver vulnerability affecting millions of HP, Samsung, and Xerox devices. Tracked as CVE-2021-3438 and rated 8.8 on the CVSS scale, the high-severity driver flaw could allow attackers to bypass security measures, install programs, delete data, and even create new accounts with elevated user rights. Luckily, HP has already released a security update (select “affected products” on HP's update page for a full list of affected printer models). Xerox has also published a document that includes links to security patches designed to address CVE-2021-3438.
This high-severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects millions of devices and likely millions of users worldwide. Similar to previous vulnerabilities we have disclosed that remained hidden for 12 years, the impact this could have on users and enterprises that fail to patch is far-reaching and significant.