Check: MFD02.004
      
      
        
  Multifunction Device and Network Printers Security Technical Implemetation Guide:
  MFD02.004
  
    (in versions v2 r15 through v2 r13)
  
      
      
    
  Title
The MFD or Network Printer must employ the most current firmware available. (Cat II impact)
Discussion
MFD devices or printers utilizing old firmware can expose the network to known vulnerabilities leading to a denial of service or a compromise of sensitive data. While the MFD must use the most current firmware available, it must not use a “call-home” feature that is not allowed.
Check Content
The reviewer will verify that the MFD or Network Printer are flash upgradeable and are configured to use the most current firmware available. Ensure any “call-home” feature is disabled. If the MFD or Network Printer is not flash upgradeable, this is a finding. If the MFD or Network Printer is not configured with the most current firmware, this is a finding. If the MFD or Network Printer has the “call-home” feature enabled, this is a finding.
Fix Text
If the MFD or printer cannot be upgraded replace it. If the MFD or printer can be upgraded but is not using the latest release of the firmware, upgrade the firmware.
Additional Identifiers
Rule ID: SV-7002r2_rule
Vulnerability ID: V-6780
Group Title: MFD Firmware
Expert Comments
      
        
        
      
      
        
  CCIs
      
      
        
        
      
    
  | Number | Definition | 
|---|---|
| No CCIs are assigned to this check | 
      
        
        
      
      
        
  Controls
      
      
        
        
      
    
  | Number | Title | 
|---|---|
| No controls are assigned to this check |