Fax Protocol Vulnerability “Faxsploit”

Please be advised that recently discovered fax protocol vulnerabilities can transform fax machines into network entry points. This attack type occurs via phone lines vs. internet connections, and the only thing required to carry out this attack is a fax number. Because this exploit is carried out via phone lines, no security software can be used to prevent Faxploit.  

Specifically, Faxploit leverages two buffer overflows in fax protocol components that handle DHT and COM markers – CVE 2018-5924 and CVE-2018-5925. Once exploited, attackers could infiltrate internal networks and do a number of things, including, steal printed documents or mine bitcoin.

The following video offers a demonstration of how this attack type works. https://youtu.be/1VDZTjngNqs

Recommendations:

Network segmentation, including isolating fax machines to their own subnetworks would limit the type of data an attacker can gain access to via this attack.

To prevent Faxploit attacks:

Apply patches regularly to individual fax machines and all-in-one office printers, which have embedded fax machines.  HP Faxploit patches for for Officejet all-in-one printers can be found here.

Resources: