On 24 January 2022, a researcher published a proof-of-concept (POC) implementation for a critical vulnerability affecting several XEROX printer models. Following this, XEROX released an advisory confirming that updates to fix this flaw are available. Timely updates are recommended.
Details
On 24 January 2022, researcher Mahmoud Al-Qudsi published a POC for a critical vulnerability tracked as CVE-2022-23968. The researcher notes that an unauthenticated user may POST payloads to the printer, allowing the user to crash the device remotely. In order to exploit this flaw over the internet, a threat actor would need to discover a hostname or an IP address on the destination network, and use a malicious TIFF file that contains an incomplete image directory payload.
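Because the trigger described above is a TIFF whose image file directory (IFD) is cut short, one mitigation while devices are still being patched is to reject such files before they reach the printer. The following is an added example written for this advisory, not code from the researcher or from Xerox. It assumes a print gateway (a print-server hook, CUPS filter, or mail-to-print pipeline; the function names are hypothetical) that can run a structural check on each submitted TIFF and drop any whose header or IFD chain does not fit inside the data it actually received. The sample TIFF bytes are constructed inline for the demonstration.

```python
"""
Structural check for TIFF image file directories (IFDs).

Added example for this advisory, not code from the researcher or from Xerox.
Assumes a print gateway that can reject a TIFF whose IFD is incomplete
before forwarding the job to a printer. Sample bytes below are constructed.
"""
import struct

TIFF_HEADER_LEN = 8   # byte order (2) + magic 42 (2) + first IFD offset (4)
IFD_ENTRY_LEN = 12    # tag (2) + type (2) + count (4) + value/offset (4)


class TiffStructureError(ValueError):
    """Raised when the TIFF header or IFD chain cannot be parsed in full."""


def walk_ifds(data: bytes, max_ifds: int = 64) -> list:
    """Return (offset, entry_count) for each IFD in the chain, checking that
    every directory lies entirely inside the buffer.

    Raises TiffStructureError on a short header, a bad magic number, a loop
    in the chain, or an IFD whose count field or entries run past the end of
    the data (an "incomplete image directory").
    """
    if len(data) < TIFF_HEADER_LEN:
        raise TiffStructureError("header shorter than 8 bytes")
    order = data[:2]
    if order == b"II":
        endian = "<"          # little-endian ("Intel")
    elif order == b"MM":
        endian = ">"          # big-endian ("Motorola")
    else:
        raise TiffStructureError(f"unknown byte order mark {order!r}")
    magic, first_ifd = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise TiffStructureError(f"bad magic {magic}, expected 42")

    ifds = []
    seen = set()
    offset = first_ifd
    while offset != 0:
        if offset in seen:
            raise TiffStructureError(f"IFD chain loops back to offset {offset}")
        if len(ifds) >= max_ifds:
            raise TiffStructureError("too many IFDs")
        seen.add(offset)
        # Two bytes are needed just to read the entry count.
        if offset + 2 > len(data):
            raise TiffStructureError(
                f"IFD at offset {offset} lies past end of data ({len(data)} bytes)")
        (count,) = struct.unpack(endian + "H", data[offset:offset + 2])
        # The directory is count*12 bytes of entries plus a 4-byte next-IFD pointer.
        end = offset + 2 + count * IFD_ENTRY_LEN + 4
        if end > len(data):
            raise TiffStructureError(
                f"IFD at offset {offset} declares {count} entries "
                f"({end - offset} bytes) but only {len(data) - offset} remain")
        ifds.append((offset, count))
        (offset,) = struct.unpack(endian + "I", data[end - 4:end])
    if not ifds:
        raise TiffStructureError("no IFD (first IFD offset is 0)")
    return ifds


def is_structurally_complete(data: bytes) -> bool:
    """True if the TIFF header and every IFD in the chain are fully present.
    A gateway would forward the job only when this returns True."""
    try:
        walk_ifds(data)
        return True
    except TiffStructureError:
        return False


def build_minimal_tiff(entry_count: int = 2) -> bytes:
    """Constructed sample: a little-endian TIFF with one IFD holding up to two
    placeholder entries (ImageWidth=1, ImageLength=1) and a zero next-IFD
    pointer. Not a real image; only the directory structure matters here."""
    header = b"II" + struct.pack("<HI", 42, 8)
    tags = [(256, 1), (257, 1)][:entry_count]   # ImageWidth, ImageLength
    entries = b"".join(struct.pack("<HHII", tag, 3, 1, val) for tag, val in tags)
    ifd = struct.pack("<H", len(tags)) + entries + struct.pack("<I", 0)
    return header + ifd


if __name__ == "__main__":
    good = build_minimal_tiff()
    short = good[:-7]   # directory cut off before its last entry and pointer
    print("complete TIFF accepted:", is_structurally_complete(good))
    print("truncated TIFF accepted:", is_structurally_complete(short))
```

The check is deliberately limited to structure: it does not decode pixel data or validate tag semantics, so it stays cheap enough to run on every job, and it rejects only what the printer could not parse anyway. A real gateway would pair it with logging of the rejecting source address so that repeated malformed submissions surface in monitoring.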
The list of affected products includes Xerox® Phaser® 6510 Printer, Xerox® WorkCentre® 6515 Multifunction Printer, and multiple Xerox® VersaLink® models, which are running certain versions of firmware referenced in the advisory.
NIST added the CVE-2022-23968 entry on 26 January 2022; however, XEROX had already fixed the vulnerability in firmware version xx.61.23, released in June 2020, without submitting a CVE entry at the time. As a result, firmware versions released after June 2020 are not affected by this vulnerability.
Recommendations
We recommend upgrading to the latest version of firmware as soon as possible. The publicly available POC makes targeting of the affected devices more likely.
Restrict print privileges to authenticated users only.
References
Vulnerability Details
XEROX Advisory