Printing issues when Xerox devices are tested with a vulnerability scanner

Name
Printing issues when Xerox devices are tested with a vulnerability scanner
Tracking Number
2017-004
First Publish Date
04-Apr-17
Date of Current Status
09-May-17
Next Planned Update
N/A
Description
Some Xerox printers may begin printing pages filled with the letter ‘X’ when scanned by the Qualys network vulnerability scanning tool.
What You Need To Know?
Qualys looks for a large number of potential vulnerabilities, including the recent Apache Struts vulnerability (CVE-2017-5638). However, no Xerox printer has Apache Struts in its software. It’s believed that the check for this vulnerability triggers Xerox WorkCentre and ConnectKey devices to print pages. Xerox has investigated this issue and has developed a fix.
What is Xerox Doing About This?
Xerox has investigated how this particular vulnerability check causes this behavior. A potential workaround has been determined that can be used while a permanent fix is developed. Software updates are available.
Impact
This issue may cause the device to run out of paper if the job is not cancelled. Xerox devices do not have Apache Struts and no information is lost or stolen as a result of this issue.
What Should You Do?
In the short term, the easiest way to avoid this is to not use Qualys to scan Xerox WorkCentre and ConnectKey devices. Alternatively, the Hold All Jobs feature can be set On via the web interface prior to running Qualys. Once finished, turning Hold All Jobs to Off will clear the job queue without printing. Updated software is available from Xerox Customer Support.