Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack, according to recent reports.
The vulnerability, tracked as CVE-2024-6333, poses a significant risk, as it allows attackers with administrative web credentials to compromise affected devices with root privileges. Timo Longin from SEC Consult’s Vienna office and Tamas Jos from the Zurich office were the ones who discovered the vulnerability. This flaw enables an attacker to execute arbitrary commands on the printer’s operating system.
The vulnerability lies in the “Network Troubleshooting” menu of the web interface, which uses the tcpdump tool. Insufficient input validation allows attackers to inject operating system commands into the tcpdump command string by manipulating the IPv4 address value.
For example, setting the IPv4 address to “0.0.0.0$(bash $TMP~cmd)” would allow commands stored in “/tmp/~cmd” to be executed when initiating a network troubleshooting session. This exploit can be further leveraged to establish a reverse shell, granting attackers full access to the printer’s system.
The vulnerability affects several Xerox printer models, particularly those that have not been updated to the latest firmware versions. Xerox WorkCentre 7970 (073.200.167.09610) and WorkCentre 7855 (073.040.167.09610) were among the initially tested models found to be vulnerable.
SEC Consult has urged Xerox to address this critical security issue promptly. Customers are advised to install the latest updates and review Xerox’s security note XRX24-015 for detailed guidance on mitigating this vulnerability.
Additionally, SEC Consult recommends a comprehensive security review of Xerox products to identify and resolve potential further security issues.
Xerox, a leader in office and production print technology with a growing presence in digital and IT services, has emphasized its commitment to redefining workplace experiences and empowering client success through innovative solutions.
In response to this security concern, Xerox has been called upon to take immediate action to address the vulnerability in their affected printer models. The seriousness of this issue cannot be understated, as it has the potential to be exploited by malicious actors to gain unauthorized access to sensitive systems.
It is critical that Xerox customers take the necessary steps to ensure that their devices are updated with the latest firmware versions and follow the recommended security guidelines provided by Xerox and security experts. By staying vigilant and proactive in addressing security vulnerabilities, organizations can better protect themselves from potential cyber threats and attacks.