HP LaserJet printers have a critical security bug - and there's nothing you can do for now

Printer locked
(Image credit: Shutterstock.com)

HP has issued a warning to business customers using certain LaserJet printer models that they should remain vigilant and take steps to tackle a vulnerability that could see unwanted information disclosure occur.

CVE-2023-1707 was awarded a score of 9.1 making it of critical severity. Its description reads: “Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.”

The hardware and infrastructure giant has announced plans to issue a firmware update within 90 days, advising customers to downgrade firmware in the meantime to prevent unwanted attacks.

HP LaserJet printer vulnerability

The company confirmed that affected customers are running FutureSmart 5.6, software designed to enable printer configuration from the control panel or a dedicated web page. Affected users will also have IPsec enabled.

A full list of the affected HP Enterprise LaserJet and HP LaserJet Managed Printers models can be found on the security notice, which suggests a temporary downgrade to version 5.5.0.3 of the firmware for a period of up to three months while HP works on a fix.

With laser printing coming under scrutiny for its environmental impacts, such as high energy usage, dissatisfied customers unwilling to wait 90 days may be tempted to consider new hardware.

The company recently announced new Color LaserJet printers that promise to reduce energy consumption by up to 27%. ITDMs less loyal to HP specifically may also want to consider moving to rival brands like Epson, which earlier this year announced new inkjet printers that use a quarter of a typical laser printer’s energy while matching printing speeds.

Regardless, manufacturer security advice should always be adhered to, and a firmware downgrade is a must for any business that values security ahead of a patch.

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Digital image of a lock.
Xerox printer security risk could let hackers sneak into your systems
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
HP LaserJet 8501x
HP launches world's first printers that can resist quantum computer attacks
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Closing the cybersecurity skills gap
HPE starts contacting victims of 2023 Russian cyberattack
HPE
HPE investigating claims that hacker breached developer environments, source code
Latest in Security
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Latest in News
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Nintendo Switch 2
The Nintendo Switch 2 pre-order date has seemingly been confirmed by Best Buy Canada – here's when you'll be able to order yours
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long