Fax Vulnerability Affecting HP Printers

Fax Vulnerability Affecting HP Printers
Tracking Number
First Publish Date
Date of Current Status
Next Planned Update
Embedded fax may be vulnerable to remote code execution flaws
What you need to know?
Check Point Research were able to gain access using a phone line to send a fax that could take full control over a Hewlett Packard all-in-one printer, and later spread a payload inside the computer network accessible to the printer.
What Is Xerox Doing About This?
Xerox completed assessment to Xerox products.

As a reminder, our Common Criteria Certified MFDs certify our design, which separates the fax processing and the network interface thereby preventing an interconnection between the Public Switch Telephone Network and the Internal Network.

Assessments indicate:
  • Xerox Devices built on Xerox ConnectKey Technology are not affected by the fax exploit
  • Production products are not affected as they do not have FAX capability
  • Light production products that do have a fax optional kit are not affected by the fax exploit
  • All Product platforms not mentioned here are not affected
What Should You Do?
Although assessed Xerox products are not affected, some best practices are:

If FAX functionality is not needed, you may choose to disable this function. If FAX functionality is needed, segmentation of your network will minimize these types of attacks.

As always, consult your IT department’s practices.