- Aug 17, 2014
HP has patched a severe vulnerability that has been hidden in a printer driver for 16 years.
On Tuesday, SentinelLabs published an analysis of the vulnerability, which is tracked as CVE-2021-3438 and has been issued a CVSS score of 8.8.
According to the description of the security issue, a "potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege."
According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005.
The driver in question, SSPORT.SYS, is automatically installed and activated, whether the model is wireless or cabled. The driver is also loaded automatically by Microsoft's Windows operating system on PC boot.
"This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected," the researchers say.
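Because the driver loads at boot even with no printer attached, a defender cannot rely on printer inventory to find affected hosts. The PowerShell check below is an added example, not code from SentinelLabs or HP; it looks for SSPORT.SYS itself, and it assumes the file sits in the standard `System32\drivers` directory, which the article does not state.

```powershell
# Added example: host inventory check for the SSPORT.SYS driver named in the article.
# Assumption (not from the article): the driver file is in %SystemRoot%\System32\drivers.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$onDisk    = Join-Path $driverDir 'ssport.sys'

# Match kernel driver services by image path rather than by service name,
# so the check still works if the service is registered under another name.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -match '(?i)[\\/]ssport\.sys$' })

# The file can be present on disk even when no matching service is registered.
$file = Get-Item -LiteralPath $onDisk -ErrorAction SilentlyContinue

# One record per host, suitable for Export-Csv or collection over remoting.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    FilePresent  = [bool]$file
    FileVersion  = if ($file) { $file.VersionInfo.FileVersion } else { $null }
    Sha256       = if ($file) { (Get-FileHash -LiteralPath $onDisk -Algorithm SHA256).Hash } else { $null }
    Signer       = if ($file) { (Get-AuthenticodeSignature -LiteralPath $onDisk).SignerCertificate.Subject } else { $null }
    ServiceNames = $services.Name -join ','
    Running      = [bool]($services | Where-Object State -eq 'Running')
    StartModes   = ($services.StartMode | Sort-Object -Unique) -join ','
}
```

The article does not give a fixed driver version, so compare the reported `FileVersion` against the vendor's advisory for CVE-2021-3438 before treating a host as patched.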