CVE-2019-13168

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in the IPP service of certain Xerox printers allows unauthenticated attackers to cause denial of service or potentially execute arbitrary code. This affects Xerox printers like the Phaser 3320 with vulnerable firmware versions. Organizations using affected printers are at risk.

💻 Affected Systems

Products:
  • Xerox Phaser 3320
  • Other Xerox printer models with similar firmware
Versions: V53.006.16.000 and likely earlier versions
Operating Systems: Embedded printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects printers with IPP service enabled (typically default). Exact model list may be broader than documented.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement to connected networks, and persistent backdoor installation.

🟠 Likely Case

Denial of service causing printer downtime and disruption of printing services.

🟢 If Mitigated

Limited to denial of service with no code execution if memory protections are enabled.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if printers are exposed to internet.
🏢 Internal Only: MEDIUM - Requires network access but no authentication, making internal attacks feasible.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The buffer overflow is in the IPP attributes parser and is triggered by crafted IPP packets. Public technical details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware versions after V53.006.16.000

Vendor Advisory: https://security.business.xerox.com/

Restart Required: Yes

Instructions:

1. Check current firmware version via printer web interface.
2. Download latest firmware from Xerox support site.
3. Upload firmware via printer web interface.
4. Reboot printer after installation.

🔧 Temporary Workarounds

Disable IPP Service

all

Turn off Internet Printing Protocol service to block exploitation vector.

Access printer web interface > Network/Protocols > Disable IPP

Network Segmentation

all

Isolate printers to separate VLAN with restricted access.

Configure firewall rules to block external access to printer IPP port 631

🧯 If You Can't Patch

  • Implement strict network access controls to limit printer access to trusted IPs only.
  • Monitor network traffic to printer port 631 for anomalous IPP packets.

🔍 How to Verify

Check if Vulnerable:

Check firmware version via printer web interface or display panel. Compare against vulnerable version V53.006.16.000.

Check Version:

Access printer web interface at http://[printer-ip]/ and navigate to Settings > Device Information

Verify Fix Applied:

Confirm firmware version is updated beyond V53.006.16.000 and test IPP service functionality.

📡 Detection & Monitoring

Log Indicators:

  • Printer crash logs
  • IPP service restart events
  • Memory error messages in system logs

Network Indicators:

  • Unusual traffic to port 631
  • Malformed IPP packets
  • Multiple connection attempts from single source

SIEM Query:

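(source="printer_logs" AND ("crash" OR "buffer" OR "IPP")) OR (dest_port=631 AND packet_size>[baseline-bytes])

Replace [baseline-bytes] with the normal IPP request size observed in your environment.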
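
The "Malformed IPP packets" indicator above can be checked structurally. The following is an added example, not code from the advisory or from Xerox: it walks the attribute encoding of an IPP message (RFC 8010) and reports length fields that overrun the message or exceed a threshold. The thresholds, function names and sample bytes are assumptions; the advisory does not say which malformation triggers the bug.

```python
import struct

END_OF_ATTRIBUTES = 0x03  # end-of-attributes-tag (RFC 8010)

def check_ipp_message(body: bytes, max_name: int = 255, max_value: int = 1023) -> list:
    """Return findings for one IPP message (the body of an HTTP POST to port 631).

    max_name / max_value are assumed alerting thresholds, not values from the
    advisory; the defaults follow the RFC 8011 keyword and text maxima.
    """
    findings = []
    if len(body) < 9:
        return ["truncated: shorter than 8-byte header plus end tag"]
    pos = 8  # skip version (2), operation-id (2), request-id (4)
    while pos < len(body):
        tag = body[pos]
        pos += 1
        if tag == END_OF_ATTRIBUTES:
            return findings  # anything after this is document data
        if tag <= 0x0F:
            continue  # delimiter tag: a new attribute group begins
        # Value tag: name-length, name, value-length, value follow.
        for field, limit in (("name", max_name), ("value", max_value)):
            if pos + 2 > len(body):
                return findings + [f"truncated {field}-length at offset {pos}"]
            (length,) = struct.unpack_from(">H", body, pos)
            if pos + 2 + length > len(body):
                return findings + [f"{field}-length {length} at offset {pos} overruns message"]
            if length > limit:
                findings.append(f"oversized {field} ({length} bytes) at offset {pos}")
            pos += 2 + length
    return findings + ["missing end-of-attributes tag"]

# Constructed sample: header plus one operation attribute.
def _attr(tag: int, name: bytes, value: bytes) -> bytes:
    return bytes([tag]) + struct.pack(">H", len(name)) + name + struct.pack(">H", len(value)) + value

HEADER = struct.pack(">BBHI", 1, 1, 0x000B, 1) + b"\x01"
GOOD = HEADER + _attr(0x47, b"attributes-charset", b"utf-8") + b"\x03"
# Constructed: same message, but value-length claims 400 bytes where only 5 follow.
LYING = GOOD[:30] + struct.pack(">H", 400) + GOOD[32:]

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("lying", LYING)):
        print(label, check_ipp_message(msg))
```

Feed it the reassembled HTTP request body from a packet capture or proxy log; a non-empty result is a reason to look at the source host, not proof of exploitation.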
