https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253994#M25133 <P>Hi, tbec2018!</P><P>Our engineers and IT teams have researched this and have issued the following statement which you can find on the <A href="https://global.canon/en/support/security/fax.html#xA;" target="_blank">Canon Global web site</A>:</P><P><BR /><FONT color="#808080">Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products. (CVE-ID: CVE-2018-5924, CVE 2018-5925)</FONT></P><P><BR /><FONT color="#808080">For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:</FONT></P><P><BR /><FONT color="#808080">Based on our review, as they do not employ the color G3 Fax Protocol exploited by these vulnerabilities, the following products are unaffected:</FONT><BR /><FONT color="#808080">imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.</FONT></P><P><BR /><FONT color="#808080">MAXIFY and PIXMA series products equipped with fax functions do make use of the color G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.</FONT></P><P><BR /><FONT color="#808080">We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.</FONT></P> Thu, 30 Aug 2018 18:50:16 GMT Danny 2018-08-30T18:50:16Z https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253374#M25132 <P>I'm curious to know what Canon's position is on the vulnerability dubbed "Faxsploit" recently discovered by CheckPoint researchers (CVE-2018-5924 and CVE-2018-5925).&nbsp; These critical vulnerabilities have a CVSS v3 score of 9.8 out of 10.&nbsp; Specifically, I would like to know if Canon has verified that their line of MFP's are not vulnerable and do not use the&nbsp;color fax T.30 extension.&nbsp; While currently only HP MFP devices are known to be vulnerable, the researchers said&nbsp;that other fax vendors are most likely affected by similar vulnerabilities.</P><P>&nbsp;</P><P>To directly quote CheckPoint: "Our research was done on HP Officejet all-in-one printers though this was merely a test-case. We strongly believe that similar vulnerabilities apply to other fax vendors too as this research concerns the fax communication protocols in general."</P><P>&nbsp;</P><P><A href="https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/" target="_self">https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/</A></P><P>&nbsp;</P><P>Other Fax Vendors have issued statements about the impact of this vulnerability on their devices/fax software:</P><P>Ex:&nbsp;<A href="https://www.biscom.com/faxsploit-recent-mfp-fax-vulnerability/" target="_self">https://www.biscom.com/faxsploit-recent-mfp-fax-vulnerability/</A></P><P>&nbsp;</P><P>Demo of Exploit:&nbsp;<A href="https://youtu.be/1VDZTjngNqs" target="_self">https://youtu.be/1VDZTjngNqs</A></P><P>&nbsp;</P> Fri, 24 Aug 2018 14:44:21 GMT https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253374#M25132 tbec2018 2018-08-24T14:44:21Z https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253994#M25133 <P>Hi, tbec2018!</P><P>Our engineers and IT teams have researched this and have issued the following statement which you can find on the <A href="https://global.canon/en/support/security/fax.html#xA;" target="_blank">Canon Global web site</A>:</P><P><BR /><FONT color="#808080">Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products. (CVE-ID: CVE-2018-5924, CVE 2018-5925)</FONT></P><P><BR /><FONT color="#808080">For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:</FONT></P><P><BR /><FONT color="#808080">Based on our review, as they do not employ the color G3 Fax Protocol exploited by these vulnerabilities, the following products are unaffected:</FONT><BR /><FONT color="#808080">imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.</FONT></P><P><BR /><FONT color="#808080">MAXIFY and PIXMA series products equipped with fax functions do make use of the color G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.</FONT></P><P><BR /><FONT color="#808080">We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.</FONT></P> Thu, 30 Aug 2018 18:50:16 GMT https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253994#M25133 Danny 2018-08-30T18:50:16Z https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253998#M25134 <P>Thank you for the follow-up - it's greatly appreciated!</P> Thu, 30 Aug 2018 20:57:04 GMT https://community.usa.canon.com/t5/General-Discussion/Faxsploit-T-30-extension-vulnerability/m-p/253998#M25134 tbec2018 2018-08-30T20:57:04Z