XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014
BID: 52483
OSVDB: 80096

Background

Some Xerox Multifunction Printers (MFP) utilize Dynamic Loadable Modules (DLM) for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100.

Problem

Multiple Xerox products are vulnerable to arbitrary code execution. A remote unauthenticated attacker could exploit this vulnerability by supplying a DLM to 9100/TCP that modifies the system configuration.

Resolution

Follow directions for your printer model as described in Xerox Security Bulletin XRX12-003.

References

http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf
http://foofus.net/goons/percx/Xerox_hack.pdf

Platforms

Unix

Back to exploit index