Information of the security risks on Fuji Xerox multifunction and office printers
Information of the security risks
Dear customers,
We sincerely thank you for your continued usage of our products, and We announce Information on the security risks.
We have recently found that potential security risks may exist (Ripple20: CVE-2020-11896, etc.) for some of our multi-function and office printers (please refer to the list of the affected models below); recommend you update your respective models with the latest firmware available for any potentially affected model. Please note, before you decide to install mentioned firmware in your environment, we will also encourage you to read through a few of the suggested workarounds below.
Information of the security risks Affected products and release plan of fixed firmware.
DocuPrint P375 , DocuPrint P375 dw, DocuPrint M375 d, DocuPrint M375 z, DocuPrint P378 d, DocuPrint P378 dw, DocuPrint M378 d, DocuPrint M378 df, DocuPrint P285 dw, DocuPrint P288 dw, DocuPrint M285 z, DocuPrint M288 dw, DocuPrint M288 z, DocuPrint P235 d, DocuPrint M235 dw, DocuPrint M235 z, DocuPrint P275 dw, DocuPrint M275 z, DocuPrint P225 d, DocuPrint M225 dw, DocuPrint M225 z, DocuPrint P265 dw, DocuPrint M265 z, DocuPrint P268 d, DocuPrint P268 dw, DocuPrint M268 dw, DocuPrint M268 z, DocuPrint P115 w, DocuPrint P118 w, DocuPrint M115 w, DocuPrint M115 fw, DocuPrint M115 z, DocuPrint M118 w, DocuPrint M118 z.
Information of the security risks: Proposed countermeasure
The Latest Fuji Xerox firmware release can successfully provide with required protection against mentioned security risks.
Customers are requested to update their respective devices with this new firmware at the earliest. Please click here to download the latest copy of the firmware.
Information of the security risks: Assumed impact
In any malicious attempt, non-authorized personal may extract few tens of data bytes from these affected models connected to the network. We have already confirmed that customer information like print data cannot be extract.
Workarounds
We want to recommend our customers apply the below workarounds until the new firmware is installed on their respective devices.
- Please use our multi-function and office printers with the proper network security settings, including protection by firewalls, etc.
- Please make sure DNS servers with firewalls are applied.
Related information
Please refer to the below reference sites for details of the security risk in public.
- CVE-2020-11896
- CVE-2020-11898
- CVE-2020-11900
- CVE-2020-11901
- CVE-2020-11902
- CVE-2020-11903
- CVE-2020-11906
- CVE-2020-11907
- CVE-2020-11908
- CVE-2020-11909
- CVE-2020-11910
- CVE-2020-11911
- CVE-2020-11912
- CVE-2020-11913
- CVE-2020-11914
So that’s all about Information of the security risks .