V1.0
Xerox® WorkCentre® 5735/5740/5745/5755/5765/5775/5790
WorkCentre 5765/5775/5790
Security Bulletins for Xerox Products (20)
Xerox Security Bulletin XRX19M (PDF 112.4K)
V1.0
Xerox® WorkCentre® 5735/5740/5745/5755/5765/5775/5790
Xerox Security Bulletin XRX18-001 (PDF 168.3K)
Products Affected by SHA-1 Certificate Expiration Available Options for Continuing Remote Services
Xerox Security Mini Bulletin XRX17AV V1.0 (PDF 99K)
Xerox® WorkCentre® 5735/5740/5745/5755/5765/5775/5790 Multifunction Printer SPAR Release 061.132.227.31901
Xerox Security Mini Bulletin XRX17AM V1.0 (PDF 95.6K)
Xerox® WorkCentre® 5735/5740/5745/5755/5765/5775/5790 MultiFunction Printer SPAR Release 061.132.227.26301
Xerox Security Mini Bulletin XRX17E_V1.0 (PDF 109.6K)
Xerox® WorkCentre® 5735/5740/5745/5755/5765/5775/5790
Xerox Security Mini Bulletin XRX16AD_V1.0 (PDF 113.6K)
Contains fix for many CVEs on WorkCentre 5735/5740/5745/5755 5765/5775/5790
Xerox Security Bulletin XRX16-022 V1.0 (PDF 149.3K)
Cumulative update for Common Criteria Certification on WorkCentre® 5735/5740/5745/5755/5765/5775/5790.
Xerox Security Bulletin XRX16-019 V1.0 (PDF 167.8K)
Patch with FIPS 140-2 compliant SNMPv3 encryption on WorkCentre® 5735/5740/5745/5755/5765/5775/5790.
Xerox Security Mini Bulletin XRX16R_V1.0 (PDF 111.9K)
Contains fix for CVE-2015-2808 Bar Mitzvah, the RC4 algorithm has been removed.
Xerox Security Mini Bulletin XRX15Q V1.0 (PDF 69.9K)
Xerox Security Mini Bulletin XRX15N V1.0 (PDF 105.6K)
Xerox Security Mini Bulletin XRX15E V1.0 (PDF 168.5K)
Xerox Mini Security Bulletin XRX14F v1.0 (PDF 251.9K)
NOTE: This Bulletin is ONLY intended for the specific security problem(s) rated as IMPORTANT for the following products.
WorkCentre 5736 WorkCentre 5740 WorkCentre 5745 WorkCentre 5755 WorkCentre 5765 WorkCentre 5775 WorkCentre 5790
Xerox Mini Security Bulletin XRX14A v1.0 (PDF 453.1K)
NOTE: This Bulletin is ONLY intended for the specific security problem(s) rated as critical for the following products.
WorkCentre 5736 WorkCentre 5740 WorkCentre 5745 WorkCentre 5755 WorkCentre 5765 WorkCentre 5775 WorkCentre 5790
Xerox Security Bulletin XRX12-005 V1.1 (PDF 103.3K)
The Xerox devices ColorQube® 9201/9202/9203, ColorQube® 9301/9302/9303, WorkCentre® 232/238/245/255/265/275, WorkCentre® 5030/5050, WorkCentre® 5135/5150, WorkCentre® 5632/5638/5645/5655/5665/5675/5687, WorkCentre® 5735/5740/5745/5755/5765/5775/5790, WorkCentre® 6400, WorkCentre® 7525/7530/7535/7545/7556, WorkCentre® 7655/7665/7675, WorkCentre® 7755/7765/7775, WorkCentre® Bookmark 40/55, WorkCentre Pro® 232/238/245/255/265/275 were shipped with certain protocols enabled that, if properly exploited, could be used to gain unauthorized access to the system. These particular protocols should not have been present in the production configuration and need to be removed from that configuration to minimize the possibility of unauthorized system access.
A software solution (patch P49) is provided for the products listed. This solution will remove from the production configuration the unwanted protocols in question so they can’t be exploited to gain unauthorized access to the system.
This solution is designed to be installed by the customer. The software solution is compressed into a 3 KB zip file and can be accessed via the link below or via the link following this bulletin announcement on the Xerox Security Site.
Software available through this link:
cert_P49v1_Patch2.zip
Xerox Security Bulletin XRX12-008 v1.0 (PDF 63.2K)
Cumulative update for Common Criteria Certification System Software Version 061.132.222.03800 for the WorkCentre 5735/5740/5745/5755/5765/5775/5790 models is a cumulative update that incorporates security vulnerability fixes up through 09 Feb 2012 as well as other non-security related defect fixes. This release is Common Criteria certified.
This system software release for the products listed is designed to be installed by the customer. This system software version is a full system release so the patch criticality rating is not applicable. The software release is compressed into a 295.9 MB zip file and can be accessed via the link below or via the link contained in the bulletin. http://a400.g.akamai.net/7/400/5566/v0001/xerox.download.akamai.com/5566/cert_061_132_222_03800.zip.
Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.
Xerox Security Bulletin XRX11-002 (PDF 92K)
A vulnerability documented in CVE-2010-2063 exists that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted fields in a Service Message Block (SMB) packet. This could occur with buffer overflows in the Samba third-party code that handles file and printer sharing services for SMB clients (including Xerox MFD devices). If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed. This vulnerability affects only the printer sharing services.
cert_WC57xx_P47v1_Patch.zip
Xerox Security Bulletin XRX10-005 (PDF 79.9K)
A software defect exists in the WorkCentre 5735/5740/5745/5755/5765/5775/5790 with the scan to email function that can result in two different scan to email documents being merged into one document. This issue is most likely to occur on devices with a color scanner when scanning complex documents at higher resolutions.
cert_WC57xx_P44v1_Patch.zip
