A critical vulnerability has been identified in the firmware of multiple Small Office Multifunction and Laser Printers. This flaw allows a network-based attacker to cause the device to become unresponsive or execute arbitrary code by sending a specially crafted print job, potentially leading to a complete compromise of the affected printer and a pivot point into the internal network.

A buffer overflow vulnerability exists in the component responsible for parsing fonts within XPS (XML Paper Specification) documents. An unauthenticated attacker on the same network segment can exploit this by sending a malicious XPS file to an affected printer. The lack of proper bounds checking allows the attacker to overwrite memory, which can either crash the device, causing a denial of service, or execute arbitrary code with the privileges of the printer's firmware.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have severe consequences for the business. An attacker could gain complete control of the printer to intercept, modify, or exfiltrate sensitive documents that are printed, scanned, or faxed. Furthermore, a compromised printer can be used as a persistent foothold within the corporate network to launch further attacks against other internal systems, bypassing perimeter security controls. A denial-of-service attack could also disrupt critical business operations that rely on printing and document management.

Immediate Action: Update the firmware on all affected Small Office Multifunction Printers and Laser Printers to the latest version provided by the vendor (a version later than v06.02). After patching, monitor for any signs of exploitation attempts by reviewing device and network access logs for unusual activity.

Proactive Monitoring: Implement enhanced monitoring for affected devices. Look for an increase in failed print jobs, unexpected device reboots or crashes, and anomalous network traffic patterns directed at the printer's printing ports (e.g., TCP 9100, 515). Monitor network logs for connections from unauthorized or unusual internal IP addresses attempting to send XPS jobs.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce the risk of exploitation:

• Network Segmentation: Isolate printers on a separate, restricted VLAN to limit their accessibility from the general corporate network.
• Access Control Lists (ACLs): Apply strict ACLs on switches or firewalls to ensure that only authorized print servers and specific user subnets can communicate with the printers.
• Disable Unused Protocols: If the XPS print driver is not required for business operations, disable the XPS protocol on the printers through their management interface.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization. Due to the high CVSS score of 9.8 and the potential for a network-based attacker to gain full control over a device and pivot into the internal network, immediate action is required. We strongly recommend that all affected printer models are identified and their firmware is updated to a patched version without delay. While this CVE is not currently on the CISA KEV list, its severity makes it a high-priority candidate for remediation. If patching is delayed, the compensating controls outlined above must be implemented as a matter of urgency.