Vulnerability Dimensions V2C Comments
Cyan Group Editor: Satoshi Fujitani
Definitions from CC tutorial (see http://niap.nist.gov/briefings/):
Confidentiality
Unauthorized disclosure (a.k.a., privacy)
Integrity
Unauthorized modification
Availability
Loss of use
Asset
A useful or valuable quality, person, or thing; an advantage or
resource (http://www.dictionary.com/)
Threat Agent
Person responsible for causing harm to a system in the form of
destruction, disclosure, modification of data, and/or denial of
service
Guidelines used in column categorization:
 Most of items “Denial of Service” in Cyan have a category “Availability”.
 Threat Agent Categories: Who: Unauthorized Guest, User, Admin and Hacker
 Asset Categories: User Documents, MFPs, Configuration files, Supplies,
Audit/Utilization data, other equipment on the network
Notes / Specific comments:
We might be focusing on too difficult situations for Hacker. Following matrix shows how
many threats-vulnerability hacker does.
Matrix of Vulnerability-Threat, Assets and Agent.
Assets \ Agent
MFPs
Unauthorized Guest
Unplug or damage power code
Electrically shorting phone line to
AC
Insertion of telephone in the loop
Take device offline
Disable Scan service
Disable Copier service
Force errors in the print engine or
scan engine during copy to prevent
that engine from being used by
others
User
Unplug or damage power code
Electrically shorting phone line to
AC
Send solid black pages to exhaust
supplies or damage mechanism
Insertion of telephone in the loop
Take device offline
Disable Scan service
Disable Copier service
Unsupported PDL causes lockup
Send a PostScript, PJL or other
job that generates a flood of
backchannel messages
Send an IPP job that generates a
flood of email notifications.
Interrupt copy job and never reprioritize it
Force errors in the print engine or
scan engine during copy to
prevent that engine from being
used by others
Denial of workflow
Admin
Unplug or damage power code
Electrically shorting phone line to
AC
Insertion of telephone in the loop
Take device offline
Disable Copier / scan service
Modify connection/connectivity
settings
Reset factory default
Download modified firmware that
disables the device
Unauthorized firmware update that
never completes negotiation with
remote workstation
Sending huge documents or
excessive copies of document
over and over to one or more
destination workstations
Unauthorized firmware that sends
destructive commands
downstream the work flow based
on events associated with or
caused by the interpretation of
scanned information
Unauthorized firmware update that
never completes negotiation with
remote fax machine
Setting of Fax send speed to
lowest bit rate
Changing of Fax shortcut phone
numbers
Force errors in the print engine or
scan engine during copy to
prevent that engine from being
used by others
Mis-configured hardcopy device
has an open mail relay which
allows routing many email
messages through the printer
Hacker
Unplug or damage power code
Physical injection of noise
Electrically shorting phone line to AC
Unauthorized firmware update always
reports device malfunction
Interfering/damaging paper rolls producing
bad images / malfunction
Mechanically / electronically interfere
Interfere with light source
Take device offline
Modify connection/connectivity settings
Reset factory default
Looping execution
PDL vulnerabilities
Unauthorized RIP firmware update
Flooding attack stops network service
temporary
Crafted packet fails network service
Disable Scan service
Denial of workflow service by degrading
quality, performance of scanner
Alteration of mechanical / optical / electronic
components to degrade quality of scan /
copier results
Dial into FAX modem never completes Fax
training sequence
Send solid black pages to exhaust supplies
or damage mechanism
Send full page grayscale pages with lowest
bit rate
Unauthorized firmware update always report
Fax destination number as busy
Insertion of telephone in the loop
Disable Copier service
Unauthorized firmware update always
reports Copier malfunction
Electronically shorting cables connecting
option units
Flash update attacks, such as flashing with a
corrupted file, or starting a flash memory
update cycle without ever finishing
Change another IP address to be the same
as the IP address of the hardcopy device
Replace a Cat5 cable with a Cat3
User documents
Delete stored print jobs
Changing of Fax shortcut phone
numbers
Use SNMP, Telnet or other protocol to
disable the device
Download modified firmware that disables
the device
Open all available TCP connections and
keep them active
Unauthorized firmware update that never
completes negotiation with remote
workstation
Sending huge documents or excessive
copies of document over and over to one or
more destination workstations
Unauthorized firmware that sends
destructive commands downstream the work
flow based on events associated with or
caused by the interpretation of scanned
information
Unauthorized firmware update that never
completes negotiation with remote fax
machine
Setting of Fax send speed to lowest bit rate
Changing of Fax shortcut phone numbers
Force errors in the print engine or scan
engine during copy to prevent that engine
from being used by others
Setting a very short interval on a network
operation
Loading of a rogue application (e.g. Java) to
flood the network with traffic
The hardcopy device is set to the IP address
of a device
Use FTP to load firmware file to generate a
packet flood
Send a PostScript, PJL or other job that
generates a flood of backchannel messages
Send an IPP job that generates a flood of
email notifications.
Mis-configured hardcopy device has an open
mail relay which allows routing many email
messages through the printer
Electromagnetic sniffing laser head, phone
lines, EM emissions
Destructive Operations (fonts / files removal,
modification)
Disable scan service from workflow by
making the application send unauthorized
Config files
Take device offline
Disable Scan service
Disable Copier serivce
Take device offline
Disable Scan service
Disable Copier serivce
Take device offline
Modify connection/connectivity
settings
Reset factory default
Disable Scan service
Disable Copier serivce
Supplies
Removal user replaceable supplies
Copier solid black pages to
exhaust supplies or damage
mechanism
Removal user replaceable
supplies
Scan solid black pages to exhaust
supplies or damage mechanism
Send solid black pages to exhaust
supplies or damage mechanism
Copier solid black pages to
exhaust supplies or damage
mechanism
Removal user replaceable
supplies
Scan solid black pages to exhaust
supplies or damage mechanism
Copier solid black pages to
exhaust supplies or damage
mechanism
Audit data
Utility data
commands to the scanner
Denial of workflow service by degrading
quality of copier
Changing of Fax shortcut phone numbers
Take device offline
Modify connection/connectivity settings
Reset factory default
Disable Scan service
Change scanner config work only in lowest
resolution, etc.
Cause unrecoverable “double feed” error
through firmware / electromechanical means
Unauthorized setting of scanning /copier
parameters
Set modem config always negotiate to very
lowest bit rate
Disable FAX service
Changing the country setting of Fax modem
Changing FAX config to send/receive only in
highest resolution
Disable Copier service
Changing Copier configuration to work only
in lowest resolution, etc
Disabling ports and/or protocols
Change language or lock front panel
Change settings to cause print or scan job
errors
Change settings to create additional and
unnecessary work
Change the management interface access
credentials
Change print restrictions so users/groups are
denied access
Disable or Damage ID device
Removal user replaceable supplies
Scan solid black pages to exhaust supplies
or damage mechanism
Copier solid black pages to exhaust supplies
or damage mechanism
Unauthorized Access or alteration
Intercept notification
Destructive Operations (fonts / files removal,
modification)
Fonts data
Other equipment
on network
Send a PostScript, PJL or other
job that generates a flood of
backchannel messages
Send an IPP job that generates a
flood of email notifications.
Unauthorized firmware update that
never completes negotiation with
remote workstation
Sending huge documents or
excessive copies of document
over and over to one or more
destination workstations
Unauthorized firmware that sends
destructive commands
downstream the work flow based
on events associated with or
caused by the interpretation of
scanned information
Unauthorized firmware update that
never completes negotiation with
remote fax machine
Setting of Fax send speed to
lowest bit rate
Mis-configured hardcopy device
has an open mail relay which
allows routing many email
messages through the printer
Destructive Operations (fonts / files removal,
modification)
Disable scan service from workflow by
making the application send unauthorized
commands to the scanner
Denial of workflow service by degrading
quality of copier
Change another IP address to be the same
as the IP address of the hardcopy device
Unauthorized firmware update that never
completes negotiation with remote
workstation
Sending huge documents or excessive
copies of document over and over to one or
more destination workstations
Unauthorized firmware that sends
destructive commands downstream the work
flow based on events associated with or
caused by the interpretation of scanned
information
Unauthorized firmware update that never
completes negotiation with remote fax
machine
Setting of Fax send speed to lowest bit rate
Setting a very short interval on a network
operation
packet flooding
Loading of a rogue application (e.g. Java) to
flood the network with traffic
The hardcopy device is set to the IP address
of a device
Use FTP to load firmware file to generate a
packet flood
Send a PostScript, PJL or other job that
generates a flood of backchannel messages
Send an IPP job that generates a flood of
email notifications.
Mis-configured hardcopy device has an open
mail relay which allows routing many email
messages through the printer