CVE-2019-13171

Name of the Vulnerable Software and Affected Versions Xerox printers versions prior to the fixed version

Description The issue is caused by an insecure handling of the register parameters in the Google Cloud Print implementation, allowing an unauthenticated attacker to execute arbitrary code on the device. This is due to the size used within a memcpy() function not being checked properly, leading to a stack-based buffer overflow. The action value is copied into a local variable, which can be exploited.

Recommendations For Xerox printers, update to a version that includes the fix for the insecure handling of register parameters in the Google Cloud Print implementation. As a temporary workaround, consider disabling the Google Cloud Print feature until a patch is available. Restrict access to the device to minimize the risk of exploitation.