CVE-2019-13166

7.5 HIGH

📋 TL;DR

This vulnerability affects certain Xerox printers that lack account lockout mechanisms, allowing attackers to brute-force local account credentials. Organizations using vulnerable Xerox printer models are affected, particularly those with printers accessible to untrusted users. Attackers can extract credentials through repeated login attempts without triggering security controls.

💻 Affected Systems

Products:
  • Xerox Phaser 3320
Versions: V53.006.16.000 and likely similar firmware versions
Operating Systems: Printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Other Xerox printer models with similar firmware may also be affected. The vulnerability exists in the authentication implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to printers, enabling configuration changes, data interception, or using printers as network footholds for lateral movement.

🟠 Likely Case

Unauthorized users gain access to printer management interfaces, potentially disrupting printing services or accessing sensitive document information.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to printer management functions only.

🌐 Internet-Facing: HIGH if printers are directly internet-accessible, as attackers can remotely brute-force credentials without network restrictions.
🏢 Internal Only: MEDIUM for internal networks, as attackers still need network access but face fewer barriers than internet-facing scenarios.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to the printer management interface and knowledge of valid usernames. Brute-force tools can automate credential guessing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for specific firmware updates

Vendor Advisory: https://security.business.xerox.com/

Restart Required: Yes

Instructions:

1. Visit the Xerox security portal.
2. Identify your printer model.
3. Download the latest firmware.
4. Upload the firmware via the printer web interface.
5. Reboot the printer.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate printers on separate VLANs with strict firewall rules limiting management access.

Strong Password Policy (applies to: all)

Implement complex, unique passwords for printer accounts to increase brute-force difficulty.

🧯 If You Can't Patch

  • Implement network access controls to restrict printer management interface access to authorized IPs only
  • Enable logging and monitoring for failed authentication attempts on printers

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface and compare against patched versions in vendor advisory.

Check Version:

Access printer web interface at http://[printer-ip]/ and navigate to settings or about page.

Verify Fix Applied:

Verify firmware version is updated and test authentication lockout by attempting multiple failed logins.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from single source
  • Successful logins from unusual IP addresses

Network Indicators:

  • High volume of HTTP POST requests to printer login endpoints
  • Brute-force patterns to /auth or /login paths

SIEM Query:

source="printer_logs" AND (event_type="auth_failure" count>10 within 5min OR event_type="auth_success" from new_ip)
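The two log indicators and the pseudo-query above, implemented as runnable detection logic (an added example, not from the original page or from Xerox). It assumes a constructed, simplified log line format `<ISO timestamp> <event_type> src=<ip> user=<name>`, and interprets "from new_ip" as a success from a source IP never seen succeeding before.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
THRESHOLD = 10          # more than 10 failures inside WINDOW raises an alert

def parse(line):
    """Parse one constructed log line into (timestamp, event_type, src_ip)."""
    ts, event, src, _user = line.split()   # assumed format, see lead-in
    return datetime.fromisoformat(ts), event, src.split("=", 1)[1]

def detect(lines, known_ips=frozenset()):
    """Return (timestamp, alert_type, src_ip) tuples for:
    'brute_force'    - a source exceeds THRESHOLD auth_failure events within WINDOW
    'new_ip_success' - auth_success from an IP not in known_ips or seen earlier"""
    failures = defaultdict(deque)   # src_ip -> timestamps of failures in window
    seen_success = set(known_ips)
    alerted = set()                 # alert once per brute-forcing source
    alerts = []
    for line in lines:
        ts, event, src = parse(line)
        if event == "auth_failure":
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > WINDOW:   # slide the window forward
                q.popleft()
            if len(q) > THRESHOLD and src not in alerted:
                alerted.add(src)
                alerts.append((ts, "brute_force", src))
        elif event == "auth_success":
            if src not in seen_success:
                seen_success.add(src)
                alerts.append((ts, "new_ip_success", src))
    return alerts

# Constructed sample: 12 failures in under 4 minutes from one host, then a
# success from that same never-before-seen host, plus one unrelated failure.
SAMPLE_LOG = [
    f"2024-05-01T10:{m:02d}:{s:02d} auth_failure src=203.0.113.7 user=admin"
    for m, s in [(0, 0), (0, 20), (0, 40), (1, 0), (1, 20), (1, 40),
                 (2, 0), (2, 20), (2, 40), (3, 0), (3, 20), (3, 40)]
] + ["2024-05-01T10:04:00 auth_success src=203.0.113.7 user=admin",
     "2024-05-01T10:30:00 auth_failure src=192.0.2.9 user=admin"]
```

Running `detect(SAMPLE_LOG)` yields a brute_force alert on the 11th failure (10:03:20) and a new_ip_success alert at 10:04:00; passing the printer's usual admin workstation in `known_ips` suppresses the second.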
