March 19, 2021
Fuji Xerox has announced that a Denial of Service (DoS) vulnerability was recently found in its multi-function and single-function printers. Users with network access can send commands to selected Fuji Xerox devices over an unsecured network, which can potentially make the machine stop with an error code.
However, this vulnerability was found to have no impact on the information stored on these devices. Its effect is limited to productivity loss: when a system fault error (116-324) is displayed on the operational panel, the device needs to be turned off and on to recover.
Status of affected models and fixed firmware:
Once available, the updated firmware is to be downloaded through the network using the remote maintenance service or to be applied by customer service engineers.
For customers who have set up auto-download of firmware under EP-BB maintenance contracts, the device firmware will be serially upgraded by the EP-BB feature after the release of the latest firmware. Other customers, who do not have an EP-BB maintenance contract, are asked by Fuji Xerox to contact one of its customer support centres.
To mitigate the potential risks from this vulnerability, Fuji Xerox advises its customers to implement the following workarounds until the next firmware fix is released:
- Ensure that your Fuji Xerox multi-function printers or single-function printers on the network are protected by a firewall or similar.
- If external access from the internet is permitted, consider permitting access from specific IP addresses only, or use a VPN to connect.