Re: Vulnerabilities in Fax Protocol Let Hackers Infiltrate Networks via Fax Machines

Name:

Fax Vulnerability Affecting HP Printers

Tracking Number

2018-002

First Publish Date

15-Aug-18

Date of Current Status

15-Aug-18

Next Planned Update

20-Aug-18

Description

Embedded fax may be vulnerable to remote code execution flaws

What you need to know?

Check Point Research were able to gain access using a phone line to send a fax that could take full control over a Hewlett Packard all-in-one printer, and later spread a payload inside the computer network accessible to the printer.

What Is Xerox Doing About This?

Xerox is actively assessing the impacts to Xerox products.

Impact

Preliminary assessments indicate:

• AltaLink platform is not affected by the fax exploit
• Versalink platform is not affected by the fax exploit
• Production products are not affected as they don’t have FAX capability
• Light production products that do have a fax optional kit are still being assessed
• Product platforms not mentioned here are still under assessment

What Should You Do?

Although assessed Xerox products are not affected, some best practices are:

If FAX functionality is not needed, you may choose to disable this function. If FAX functionality is needed, segmentation of your network will minimize these types of attacks.  As always, consult your IT department.

This posting will be updated as further information becomes available. Please visit https://www.xerox.com/Security for additional updates.