Fax Protocol Vulnerabilities Leave Networks Open to Attacks via Fax Machines

Researchers at Check Point revealed vulnerabilities in the fax protocol of HP OfficeJet all-in-one printers that could give threat actors network access. Dubbed Faxploit, this attack takes advantage of two vulnerabilities in fax protocol components, CVE-2018-5924 and CVE-2018-5925. If an attacker sends a malformed fax image to a fax machine containing code to exploit the vulnerabilities, they could gain remote code execution over the device. Once they gain control of the fax machine, the threat actors can then use additional hacking tools, such as the EternalBlue exploit, to infect additional systems on the network. To target an organization, an attacker would only need the organization’s fax number, often available publicly, and a phone line. While HP released patches last week for their OfficeJet all-in-one printers, the researchers believe that fax machines from other vendors likely contain the same vulnerabilities. The NJCCIC recommends users and administrators of HP OfficeJet all-in-one printers review the HP Security Bulletin for more information and apply the most recent patch as soon as possible. Additionally, administrators using all-in-one printers are encouraged to use network segmentation to help mitigate attacks such as Faxploit.