Sean Krulewitch

**Name of the Vulnerable Software and Affected Versions** Fuji Xerox Printing Systems (FXPS) print engine versions used in Dell 3000cn through 5110cn Fuji Xerox DocuPrint firmware prior to 20060628 Fuji Xerox Network Option Card firmware prior to 5.13 **Description** The issue allows remote attackers to use the FTP printing interface as a proxy, also known as "FTP bounce", by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. **Recommendations** For Fuji Xerox Printing Systems (FXPS) print engine versions used in Dell 3000cn through 5110cn, update the firmware to a version that is not affected by this issue. For Fuji Xerox DocuPrint firmware prior to 20060628, update the firmware to version 20060628 or later. For Fuji Xerox Network Option Card firmware prior to 5.13, update the firmware to version 5.13 or later.

**Name of the Vulnerable Software and Affected Versions** Fuji Xerox Printing Systems (FXPS) print engine versions prior to firmware 20060628 Dell 3000cn through 5110cn Fuji Xerox DocuPrint firmware prior to 20060628 Fuji Xerox Network Option Card firmware prior to 5.13 **Description** The issue concerns the embedded HTTP server in the print engine, which fails to properly authenticate HTTP requests. This allows remote attackers to modify system configuration by sending crafted requests. Such modifications can include changing the administrator password or causing a denial of service to the print server. **Recommendations** For Fuji Xerox Printing Systems (FXPS) print engine versions prior to firmware 20060628, update the firmware to version 20060628 or later. For Dell 3000cn through 5110cn, update the firmware to a version that includes the fix for the authentication issue in the embedded HTTP server. For Fuji Xerox DocuPrint firmware prior to 20060628, update the firmware to version 20060628 or later. For Fuji Xerox Network Option Card firmware prior to 5.13, update the firmware to version 5.13 or later.