Fax Vulnerability Affecting HP Printers

Name:
Fax Vulnerability Affecting HP Printers
Tracking Number
2018-002
First Publish Date
15-Aug-18
Date of Current Status
23-Aug-18
Next Planned Update
NA
Description
Embedded fax may be vulnerable to remote code execution flaws
What you need to know?
Check Point Research were able to gain access using a phone line to send a fax that could take full control over a Hewlett Packard all-in-one printer, and later spread a payload inside the computer network accessible to the printer.
What Is Xerox Doing About This?
Xerox completed assessment to Xerox products.

As a reminder, our Common Criteria Certified MFDs certify our design, which separates the fax processing and the network interface thereby preventing an interconnection between the Public Switch Telephone Network and the Internal Network.

Impact
Assessments indicate:
  • Xerox Devices built on Xerox ConnectKey Technology are not affected by the fax exploit
  • Production products are not affected as they do not have FAX capability
  • Light production products that do have a fax optional kit are not affected by the fax exploit
  • All Product platforms not mentioned here are not affected
What Should You Do?
Although assessed Xerox products are not affected, some best practices are:

If FAX functionality is not needed, you may choose to disable this function. If FAX functionality is needed, segmentation of your network will minimize these types of attacks.

As always, consult your IT department’s practices.