It has emerged that a year and a half ago, Xerox fixed a vulnerability in some models of its printers that could turn the devices into useless "bricks". Information about the bug has only now been made public.

The vulnerability is tracked as CVE-2022-23968, although Xerox learned about it back in September 2019. In January 2020 the manufacturer confirmed to the researchers that the bug affected at least one series of printers, and then said nothing further about it for two years. The vulnerability could partially lock up an affected device, causing a denial-of-service (DoS) condition in which the printer requests a reboot. Right after the reboot, the error occurred again, in a continuous loop. In other words, after the attack the printer became useless, and it was impossible to use it.
The vulnerability could be exploited using a special multi-page TIFF file that contained an incomplete image directory payload.
As the NeoSmart Technologies researchers who discovered the bug now explain, the printer always inspects a document first to determine the resources it needs to complete the print. In this case, however, the TIFF handler in the printer firmware fails on the malformed directory, and the device reports that it needs a hard reboot.
Alas, after a reboot the printer tries to resume the print job and encounters the same problem again. The cycle cannot be broken by unplugging the machine, since this does not delete print jobs from memory. Moreover, after a reboot the print-queue management interface may be unavailable, even on devices not affected by CVE-2022-23968.

The denial-of-service loop can only be broken by running the firmware update process over the network (if there are pending firmware updates in the queue), because this action clears all jobs in the queue. According to the researchers, manually clearing the device's storage module can also help, but this requires physical access.
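To illustrate the kind of check a TIFF handler should perform before it commits any resources to a job, here is an added example in Python. It is not code from the original article, from NeoSmart Technologies, or from Xerox's firmware, and the exact malformation used against the printers is not public, so the example only shows the general principle: walk the whole chain of image file directories (IFDs) in a multi-page TIFF, verify that every directory and every out-of-line value lies inside the file, reject self-referencing chains, and refuse the document as a whole before anything is spooled. The sample TIFF is constructed inline (1x1 grayscale pages) purely so the validator has input to run on; the function names are the example's own.

```python
import struct

# Byte size of each TIFF field type (TIFF 6.0, types 1..12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


class TiffError(ValueError):
    """Raised when the directory structure is malformed or truncated."""


def validate_tiff(data: bytes, max_pages: int = 64) -> int:
    """Walk every IFD in the file and return the page count.

    Every bounds check happens before any page is 'accepted', so a caller
    (e.g. a print spooler) can reject the job up front instead of failing
    half-way through and retrying the same broken document forever.
    """
    if len(data) < 8:
        raise TiffError("header truncated")
    order = data[:2]
    if order == b"II":
        endian = "<"
    elif order == b"MM":
        endian = ">"
    else:
        raise TiffError("bad byte-order mark")
    magic, offset = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic number")

    seen = set()          # IFD offsets already visited, to detect loops
    pages = 0
    while offset != 0:
        if offset in seen:
            raise TiffError("IFD chain loops")
        seen.add(offset)
        if offset + 2 > len(data):
            raise TiffError("IFD count beyond EOF")
        (count,) = struct.unpack_from(endian + "H", data, offset)
        if count == 0:
            raise TiffError("empty IFD")
        end = offset + 2 + 12 * count + 4      # entries plus next-IFD pointer
        if end > len(data):
            raise TiffError("IFD truncated")
        for i in range(count):
            tag, ftype, n, value = struct.unpack_from(endian + "HHII", data, offset + 2 + 12 * i)
            size = TYPE_SIZES.get(ftype)
            if size is None:
                raise TiffError(f"unknown field type {ftype} for tag {tag}")
            total = size * n
            # Values wider than 4 bytes live out of line; check that they fit.
            if total > 4 and value + total > len(data):
                raise TiffError(f"tag {tag} value out of bounds")
        (offset,) = struct.unpack_from(endian + "I", data, end - 4)
        pages += 1
        if pages > max_pages:
            raise TiffError("too many pages")
    return pages


def check_tiff(data: bytes):
    """Non-raising wrapper: (accepted, reason)."""
    try:
        return True, f"{validate_tiff(data)} page(s)"
    except TiffError as exc:
        return False, str(exc)


def build_sample_tiff(num_pages: int) -> bytes:
    """Constructed sample: a little-endian multi-page TIFF of 1x1 gray pages."""
    pixels_start = 8
    ifd_start = pixels_start + 2 * num_pages          # one pixel + pad byte per page
    ifd_size = 2 + 12 * 8 + 4
    out = bytearray(b"II*\x00" + struct.pack("<I", ifd_start))
    for _ in range(num_pages):
        out += b"\x80\x00"
    for i in range(num_pages):
        next_ifd = ifd_start + (i + 1) * ifd_size if i + 1 < num_pages else 0
        entries = [  # (tag, type, count, value), sorted by tag as the spec requires
            (256, 3, 1, 1), (257, 3, 1, 1), (258, 3, 1, 8), (259, 3, 1, 1),
            (262, 3, 1, 1), (273, 4, 1, pixels_start + 2 * i), (278, 3, 1, 1), (279, 4, 1, 1),
        ]
        out += struct.pack("<H", len(entries))
        for entry in entries:
            out += struct.pack("<HHII", *entry)
        out += struct.pack("<I", next_ifd)
    return bytes(out)


if __name__ == "__main__":
    good = build_sample_tiff(3)
    print(check_tiff(good))          # accepted, 3 pages
    print(check_tiff(good[:-40]))    # last directory cut off: rejected up front
```

The important design point is that `validate_tiff` finishes the whole directory walk before reporting success: a document whose last IFD is cut short is rejected before the first page is rendered, so there is nothing to retry after a reboot. A spooler that validates like this can also discard the job from persistent storage when the check fails, which is the recovery step the affected printers lacked.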
Xerox reports that the bug affects several models of the VersaLink series (including copiers), as well as the Phaser 6510 and WorkCentre 6515 printers and copiers. It was fixed in June 2020 with the release of firmware version xx.61.23.
As a reminder, we have also reported that HP fixed a critical potentially wormable vulnerability in 150 printer models, and that Brother printers may not work in Windows 11.