Published:2021/03/19  Last Updated:2021/04/09

Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)


Fuji Xerox multifunction devices and printers contain a denial-of-service (DoS) vulnerability.

Products Affected

A wide range of the products is affected.
For more information, refer to the information provided by the developer.


Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.


An attacker may cause the products to be terminated by sending a specially crafted command.
In order to restart the products, the physical power button on the devices must be operated.


Update the Firmware

  • Multifunction devices
    • Update to the latest version according to the information provided by the developer. The updated firmware is to be downloaded through the network using the remote maintenance service or to be applied by customer service engineers. For more information, contact the developer.
  • Printers
    • Update to the latest version according to the information provided by the developer.
According to the developer, the fixed firmware for the each affected products will be released gradually in groups. Contact the developer for the release dates.

Apply Workarounds
Apply the following workarounds to mitigate the impact of this vulnerability:
  • Locate the product in a secure network such as a network protected by firewalls.
  • Permit access from trusted IP addresses when accessing Internet.
  • Use secure methods, such as Virtual Private Networks (VPNs) when a remote access is necessary.

Vendor Status

Vendor Status Last Update Vendor Notes
Fuji Xerox Co.,Ltd. Vulnerable 2021/04/07 Fuji Xerox Co.,Ltd. website


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 4.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 3.3
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2021-20679
JVN iPedia JVNDB-2021-000026

Update History

Fuji Xerox Co.,Ltd. update status
The hyperlink URL under [Products Affected] was updated