-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0202
                      Xerox Security Bulletin XRX18AE
                              24 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Xerox WorkCentre
Operating System:     Network Appliance
Impact/Access:        Denial of Service        -- Remote with User Interaction
                      Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-9403 CVE-2017-7602 CVE-2017-7599
                      CVE-2017-7598 CVE-2017-7597 CVE-2017-7596
                      CVE-2017-7593 CVE-2016-10270 CVE-2016-10266
Member content until: Sunday, September 23 2018

OVERVIEW

        Xerox has identified multiple vulnerabilities in its WorkCentre 
        Multifunction printer products. [1]


IMPACT

        Xerox has given the following details about these vulnerabilities:
        
        "This Bulletin is intended ONLY for the specific security problem 
        identified below. The problem identified has been rated a 
        criticality level of IMPORTANT.
        
        Includes the following:
        
        o Prevents the possibility of wireless vulnerability known as Krack
        (Key Reinstallation Attack)
        
        o Updates to Libtiff to address the vulnerabilities documented in 
        the following CVEs -
        CVE-2017-9403, CVE-2017-9404, CVE-2017-7593, CVE-2017-7596, 
        CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600, 
        CVE-2017-7601, CVE-2017-7602, CVE-2016-10266, CVE-2016-10269, 
        CVE-2016-10270" [1]


MITIGATION

        Xerox recommends patching its affected products to the latest 
        version in order to fix these vulnerabilities. [1]

        "Model                  WorkCentre 3315/3325
         System SW version      51.007.11.000
         Link to SW update      Available here [2]
         Link to Install Instr  Available here [3]" [1]


REFERENCES

        [1] Mini Bulletin XRX18AE
            https://security.business.xerox.com/wp-content/uploads/2018/08/cert_Security_Mini_Bulletin_XRX18AE_for_WC3315-3325_v1.0.pdf

        [2] WorkCentre 3325 SPAR Software 51.007.11.000
            http://www.support.xerox.com/support/workcentre-3315-3325/file-download/enus.html?operatingSystem=win10x64&fileLanguage=en&contentId=122834&from=downloads&viewArchived=false

        [3] WorkCentre 3315/3325  Software Upgrade Installation Instructions
            http://download.support.xerox.com/pub/docs/WC3315_WC3325/userdocs/any-os/en_GB/WC3315_3325_Software_Install_Instructions.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----