Buffer overflow in HP LaserJet products and Samsung printers

Published: 2021-05-20 | Updated: 2023-06-14

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2021-3438
CWE-ID	CWE-119
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	ssport.sys Hardware solutions / Drivers
Vendor	Microsoft

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU55241

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3438

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the software drivers. A local user can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Below is the list of printer models with the vulnerable driver.

Affected products
Product Name	Model	Software Version
HP Color Laser 150 Series	4ZB94A, 4ZB95A	Printer_CVE-2021-3438_update.exe HP_Color_Laser_150_Full_Software_and_Drivers_1.16.exe HP_Color_Laser_150_Print_Drivers_1.16.exe HP_Color_Laser_150_Driver.exe
HP Color Laser MFP 170 Series - 178/179	4ZB96A, 4ZB97A, 6HU08A, 6HU09A	Printer_CVE-2021-3438_update.exe HP_Color_Laser_MFP_178_179_Full_Software_and_Drivers_1.15.exe HP_Color_Laser_MFP_178_179_Driver.exe HP_Color_Laser_MFP_178_179_Print_Scan_Drivers_1.15.exe
HP Laser 100 Series - 103/107/108	4ZB81A, 5UE14A, 209U7A, 4ZB79A, 4ZB80A	Printer_CVE-2021-3438_update.exe HP_Laser_103_107_108_Print_Driver_1.16.exe HP_Laser_103_107_108_Full_Software_and_Drivers_1.16.exe HP_Laser_103_107_108_Driver.exe
HP Laser 408 Printer Series	7UQ75A	Printer_CVE-2021-3438_update.exe HP_Laser_408_Print_Driver_Add_Printer_1.06.exe HP_Laser_408_Print_Driver_1.06.exe
HP Laser MFP 130 Series - 131/133/135/137/138	4ZB92A, 4ZB93A, 4ZB82A, 6HU10A, 5UE15A, 4ZB83A, 6HU11A, 4ZB85A, 4ZB87A, 4ZB86A, 9VV52A, 4ZB84A, 6HU12A, 4ZB91A, 4ZB88A, 4ZB89A, 4ZB90A	Printer_CVE-2021-3438_update.exe HP_ Laser_MFP_131_133_135-138_Full_Software_and_Drivers_1.15.exe HP_ Laser_MFP_131_133_135-138_Print_Scan_Drivers_1.15.exe HP_ Laser_MFP_131_133_135-138_Driver.exe
HP Laser MFP 432 Series	7UQ76A	Printer_CVE-2021-3438_update.exe HP_Laser_MFP_432_Print_Scan_Drivers_1.07.exe HP_Laser_MFP_432_Print_Driver_only_1.07.exe HP_Laser_MFP_432_Full_Software_and_Drivers_1.07.exe
HP LaserJet MFP M4252x Series	7AB26A, 7ZB25A, 7ZB72A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M42523-M42625_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Driver_only_V1.04.exe
HP LaserJet MFP M4262x Series	8AF49A, 8AF50A, 8AF51A, 8AF52A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M42523-M42625_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Driver_only_V1.04.exe
HP LaserJet MFP M433 Printer Series	1VR14A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M433_Full_Software_and_Drivers_1.03.exe HP_LaserJet_MFP_M433_Print_Driver_only_1.03.exe HP_LaserJet_MFP_M433_Print_Scan_Drivers_1.03.exe
HP LaserJet MFP M436 Printer Series	2KY38A, W7U01A, W7U02A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M436_Print_Scan_Drivers_1.13.exe HP_LaserJet_MFP_M436_Print_Driver_only_1.13.exe HP_LaserJet_MFP_M436_Full_Software_and_Drivers_1.13.exe
HP LaserJet MFP M437 Series	7ZB20A, 7ZB19A, 7ZB21A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M438 Series	8AF43A, 8AF44A, 8AF45A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M439 Series	7ZB22A, 7ZB23A, 7ZB24A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M440 Series	8AF46A, 8AF47A, 8AF48A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M442 Series	8AF71A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M443 Series	8AF72A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe
HP LaserJet MFP M72625-M72630 Series	2ZN49A, 2ZN50A	Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M72625_M72630_Full_Software_and_Drivers_1.05.exe HP_LaserJet_MFP_M72625_M72630_Print_only_1.05.exe HP_LaserJet_MFP_M72625_M72630_Print_Scan_Drivers_1.05.exe
Samsung CLP-360 Color Laser Printer series	SS062A	Printer_CVE-2021-3438_update.exe
Samsung CLP-365 Color Laser Printer Series	SS066A, SW139A, SS067A	Printer_CVE-2021-3438_update.exe
Samsung CLP-366 Color Laser Printer series	SS068A, SV600A	Printer_CVE-2021-3438_update.exe
Samsung CLP-368 Color Laser Printer series	SV601A	Printer_CVE-2021-3438_update.exe
Samsung CLP-560 Color Laser Printer Series	SV611A, SV612A	Printer_CVE-2021-3438_update.exe
Samsung CLP-680 Color Laser Printer Series	SS075A, SS076A	Printer_CVE-2021-3438_update.exe CLP-680_Series_WIN_SPL_PCL_V3.13.06.00.33_CDV1.23.exe CLP-680_Series_WIN_PS_V2.01.09.26_CDV1.23.exe CLP-680_Series_WIN_Printer_V3.13.06.00.33_CDV1.23.zip
Samsung CLP-775 Color Laser Printer Series	SS078A, SS079A	Printer_CVE-2021-3438_update.exe
Samsung CLX-3300 Color Laser Multifunction Printer series	SS088A, SV677A	Printer_CVE-2021-3438_update.exe
Samsung CLX-3305 Color Laser Multifunction Printer Series	SS093A, SS094A, SS095A, SS096A	Printer_CVE-2021-3438_update.exe
Samsung CLX-6260 Color Laser Multifunction Printer Series	SS105A, SS106A, SS107A, SW177A, SS108A	Printer_CVE-2021-3438_update.exe CLX-6260_Series_WIN_SPL_PCL_V3.13.12.02.31_CDV1.25.exe CLX-6260_Series_WIN_PS_V2.01.09.25_CDV1.25.exe CLX-6260_Series_WIN_Printer_V3.13.12.02.31_CDV1.25.zip CLX-6260_Series_WIN_Scanner_V3.21.65.11_CDV1.25.exe
Samsung ML-3750 Laser Printer Series	SS138A	Printer_CVE-2021-3438_update.exe
Samsung ML-4510 Laser Printer series	SS141A	Printer_CVE-2021-3438_update.exe
Samsung ML-4512 Laser Printer series	SS142A	Printer_CVE-2021-3438_update.exe
Samsung ML-5010 Laser Printer series	SS145A	Printer_CVE-2021-3438_update.exe
Samsung ML-5012 Laser Printer series	SS146A	Printer_CVE-2021-3438_update.exe
Samsung ML-5015 Laser Printer Series	SS147A	Printer_CVE-2021-3438_update.exe
Samsung ML-5017 Laser Printer series	SS148A	Printer_CVE-2021-3438_update.exe
Samsung ML-551x Laser Printer Series	SS149A, SS150A,SV897A, SV898A, SS151A,SS152A	Printer_CVE-2021-3438_update.exe
Samsung ML-651x Laser Printer Series	SS153A, SV899C, SV900A, SV901A, SS154A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress CLX-9251 Laser Multifunction Printer series	SS005A, SV719A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress CLX-9301 Laser Multifunction Printer Series	SW179A, SS007A, SW152A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SCX-8128 Laser Multifunction Printer Series	SS018A, SS019A, SS020A, SW172A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SCX-8230 Laser Multifunction Printer series	SS021A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SCX-8240 Laser Multifunction Printer Series	SS022A, ST717A, SW185A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K2200 Laser Multifunction Printer	SS024A, SS025A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K3250 Laser Multifunction Printer Series	SS027E	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K3300 Laser Multifunction Printer series	SS028A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K4250 Laser Multifunction Printer series	SS030A, SS031A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K4300 Laser Multifunction Printer series	SS032A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K4350 Laser Multifunction Printer Series	SS033A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K7400 Laser Multifunction Printer series	SS037A, SS038A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K7500 Laser Multifunction Printer series	SS039A, SS040A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-K7600 Laser Multifunction Printer Series	SS041A, SS042A	Printer_CVE-2021-3438_update.exe
Samsung MultiXpress SL-M4370 Laser Multifunction Printer Series	SS396A, SW117A	Printer_CVE-2021-3438_update.exe M4370_5370_Series_WIN_Printer_V3.13.14.08.41_CDV1.37.zip M4370_5370_Series_WIN_Scanner_V3.32.12_CDV1.37.exe
Samsung MultiXpress SL-M5360 Laser Multifunction Printer Series	SS403A	Printer_CVE-2021-3438_update.exe M4370_5370_Series_WIN_Printer_V3.13.14.08.41_CDV1.37.zip M4370_5370_Series_WIN_Scanner_V3.32.12_CDV1.37.exe
Samsung MultiXpress SL-M5370 Laser Multifunction Printer Series	SS404A, SW121A	Printer_CVE-2021-3438_update.exe M4370_5370_Series_WIN_Printer_V3.13.14.08.41_CDV1.37.zip M4370_5370_Series_WIN_Scanner_V3.32 Mitigation Install updates from vendor's website. Vulnerable software versions ssport.sys: All versions External links http://support.hp.com/us-en/document/ish_3900395-3833905-16 Q & A Can this vulnerability be exploited remotely? No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system. Is there known malware, which exploits this vulnerability? No. We are not aware of malware exploiting this vulnerability. ###SIDEBAR### Stay Connected Security Services Actionable & Personalized Vulnerability Intelligence On-Demand Security Consulting Pricing IT-Consulting IT Infrastructure Outsourcing Services Web Applications Support & Deployment On-Demand Consulting Partner Links SSL/TLS Security Test by ImmuniWeb Web Server Security Test by ImmuniWeb Blog Cyber Security Week in Review: May 10, 2024 Massive BogusBazaar fraud ring steals credit cards from thousands of victims Poland’s government institutions targeted in Russian cyberespionage campaign New HijackLoader variant comes with updated evasion techniques New TunnelVision attack leaks VPN traffic via rogue DHCP servers Read all articles → Contacts \| Terms of use \| Privacy Policy © 2024 Cybersecurity Help s.r.o.