===========================================================================
AUSCERT Security Bulletin

ASB-2018.0202
Xerox Security Bulletin XRX18AE
24 August 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Xerox WorkCentre
Operating System:     Network Appliance
Impact/Access:        Denial of Service        -- Remote with User Interaction
                      Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-9403 CVE-2017-7602 CVE-2017-7599
                      CVE-2017-7598 CVE-2017-7597 CVE-2017-7596
                      CVE-2017-7593 CVE-2016-10270 CVE-2016-10266
Member content until: Sunday, September 23 2018

OVERVIEW

Xerox has identified multiple vulnerabilities in its WorkCentre
Multifunction printer products. [1]

IMPACT

Xerox has given the following details about these vulnerabilities:

"This Bulletin is intended ONLY for the specific security problem
identified below. The problem identified has been rated a criticality
level of IMPORTANT.

Includes the following:

o Prevents the possibility of wireless vulnerability known as Krack
  (Key Reinstallation Attack)
o Updates to Libtiff to address the vulnerabilities documented in the
  following CVEs - CVE-2017-9403, CVE-2017-9404, CVE-2017-7593,
  CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599,
  CVE-2017-7600, CVE-2017-7601, CVE-2017-7602, CVE-2016-10266,
  CVE-2016-10269, CVE-2016-10270" [1]

MITIGATION

Xerox recommends patching its affected products to the latest version in
order to fix these vulnerabilities. [1]

"Model:                 WorkCentre 3315/3325
 System SW version:     51.007.11.000
 Link to SW update:     Available here [2]
 Link to Install Instr: Available here [3]" [1]

REFERENCES

[1] Mini Bulletin XRX18AE
    https://security.business.xerox.com/wp-content/uploads/2018/08/cert_Security_Mini_Bulletin_XRX18AE_for_WC3315-3325_v1.0.pdf

[2] WorkCentre 3325 SPAR Software 51.007.11.000
    http://www.support.xerox.com/support/workcentre-3315-3325/file-download/enus.html?operatingSystem=win10x64&fileLanguage=en&contentId=122834&from=downloads&viewArchived=false

[3] WorkCentre 3315/3325 Software Upgrade Installation Instructions
    http://download.support.xerox.com/pub/docs/WC3315_WC3325/userdocs/any-os/en_GB/WC3315_3325_Software_Install_Instructions.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================