CVE-2021-20679
📋 TL;DR
This vulnerability in Fuji Xerox multifunction devices and printers allows attackers to send specially crafted commands that cause denial of service (DoS) conditions and abnormal termination (ABEND) of affected devices. The attack disrupts printing, scanning, and other device functions, affecting organizations using these specific Fuji Xerox models.
💻 Affected Systems
- Fuji Xerox DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273
- DocuCentre-VII C7788/C6688/C5588
- ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273
- ApeosPort-VII C7788/C6688/C5588
- ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G
- ApeosPort-VII C4421/C3321
- ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G
- ApeosPort-VII CP4421
- ApeosPort Print C5570
- ApeosPort 5570/4570/5570G/4570G
- ApeosPort 3560/3060/2560/3560G/3060G/2560G
- ApeosPort-VII 5021/4021
- ApeosPort-VII P5021
- DocuPrint CP 555 d/505 d
- DocuPrint P505 d
- PrimeLink C9065/C9070
- DocuPrint CP475AP
- DocuPrint P475AP
📦 What is this software?
Apeosport Print C4570 Firmware by Fujixerox
Apeosport Print C5570 Firmware by Fujixerox
⚠️ Risk & Real-World Impact
Worst Case
Complete device unavailability requiring physical restart, disrupting all printing/scanning operations and potentially affecting business continuity.
Likely Case
Temporary service disruption requiring device reboot, causing printing delays and workflow interruptions.
If Mitigated
Minimal impact if devices are network-segmented and not internet-facing, with quick recovery via reboot.
🎯 Exploit Status
Attack requires sending specially crafted commands to device network services. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released March 2021
Vendor Advisory: https://www.fujixerox.co.jp/company/news/notice/2021/0319_announce.html
Restart Required: Yes
Instructions:
1. Identify affected device models.
2. Download firmware updates from the Fuji Xerox support portal.
3. Apply firmware updates following vendor instructions.
4. Reboot devices after update completion.
🔧 Temporary Workarounds
Network segmentation
Isolate affected devices from untrusted networks and internet access
Access control lists
Implement network ACLs to restrict access to device management interfaces
🧯 If You Can't Patch
- Segment devices on isolated network VLANs with strict access controls
- Implement monitoring for abnormal device restarts and network traffic to device ports
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or device display against vendor advisory
Check Version:
Access device web interface at http://[device-ip]/ or check device display menu for firmware version
Verify Fix Applied:
Verify firmware version matches patched versions listed in vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Unexpected device reboots
- Abnormal termination logs in device system logs
- Failed service messages
Network Indicators:
- Unusual traffic patterns to device management ports
- Multiple connection attempts to device services
SIEM Query:
source="network_device" AND (event_type="reboot" OR event_type="crash") AND device_vendor="Fuji Xerox"
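The same detection logic as the query above, run over constructed sample events, as an added example that is not part of the original advisory. The key="value" syslog-style format, the field names and the IP addresses are assumptions; it also correlates a device crash or reboot with a preceding burst of connection attempts to that device, which the Network Indicators section lists separately.

```python
"""Detection logic for the log and network indicators above, run over constructed sample events."""
import re
from datetime import datetime

KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample events (not real device output): one Fuji Xerox MFP at 10.0.5.21 crashes and reboots after a connection burst.
SAMPLE_LOGS = """\
ts="2021-03-20T08:01:10Z" source="network_device" device_vendor="Fuji Xerox" host="mfp-01" device_ip="10.0.5.21" event_type="job_complete"
ts="2021-03-20T08:02:03Z" source="firewall" src_ip="10.0.9.7" dst_ip="10.0.5.21" dst_port="9100" event_type="connect"
ts="2021-03-20T08:02:04Z" source="firewall" src_ip="10.0.9.7" dst_ip="10.0.5.21" dst_port="9100" event_type="connect"
ts="2021-03-20T08:02:04Z" source="firewall" src_ip="10.0.9.7" dst_ip="10.0.5.21" dst_port="515" event_type="connect"
ts="2021-03-20T08:02:05Z" source="firewall" src_ip="10.0.9.7" dst_ip="10.0.5.21" dst_port="631" event_type="connect"
ts="2021-03-20T08:02:09Z" source="network_device" device_vendor="Fuji Xerox" host="mfp-01" device_ip="10.0.5.21" event_type="crash" msg="ABEND"
ts="2021-03-20T08:03:30Z" source="network_device" device_vendor="Fuji Xerox" host="mfp-01" device_ip="10.0.5.21" event_type="reboot"
ts="2021-03-20T08:05:00Z" source="network_device" device_vendor="HP" host="lp-02" device_ip="10.0.5.30" event_type="reboot"
ts="2021-03-20T09:00:00Z" source="network_device" device_vendor="Fuji Xerox" host="mfp-02" device_ip="10.0.5.22" event_type="reboot"
"""

def parse(line):
    return dict(KV_RE.findall(line))

def epoch(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").timestamp()

def is_fx_outage(ev):
    """The SIEM query above: a Fuji Xerox network device reporting a reboot or crash."""
    return (ev.get("source") == "network_device"
            and ev.get("device_vendor") == "Fuji Xerox"
            and ev.get("event_type") in ("reboot", "crash"))

def device_alerts(lines):
    return [(e["host"], e["event_type"]) for e in map(parse, lines) if is_fx_outage(e)]

def correlated_alerts(lines, window_s=300, threshold=3):
    """Outages preceded within window_s seconds by >= threshold connection attempts to the device IP."""
    events = [parse(l) for l in lines]
    out = []
    for ev in filter(is_fx_outage, events):
        t = epoch(ev["ts"])
        n = sum(1 for c in events
                if c.get("event_type") == "connect" and c.get("dst_ip") == ev["device_ip"]
                and 0 <= t - epoch(c["ts"]) <= window_s)
        if n >= threshold:
            out.append((ev["host"], ev["event_type"], n))
    return out

if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print("outages:", device_alerts(lines))
    print("correlated with connection bursts:", correlated_alerts(lines))
```

A reboot alone (mfp-02) only matches the plain query; the correlated alert fires only where a burst of connections to that device precedes the crash, which is the pattern worth escalating.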
🔗 References
- https://jvn.jp/en/jp/JVN37607293/index.html
- https://www.fujixerox.co.jp/company/news/notice/2021/0319_announce.html
- https://www.fujixerox.com/eng/company/news/notice/2021/0319_announce.html