Our biggest vulnerability is probably our employees, but I’m not in charge of patching (educating) them. Our next biggest vulnerability is probably our multi-function printer/scanners. I’ve cloned the “Full and fast” scan config and told to scan the printers too. This allowed us to find and fix several remote code execution (RCE) vulnerabilities (among other problems).
The MFP that we’re testing with is a Ricoh IM C2500. OpenVAS now gives it a Low Severity rating, which is much better than the 10.0 High Severity that we started with.
One problem that we’re encountering is that the printer’s internal web server appears to be crashing when OpenVAS is about 98% done with the scan.
Can OpenVAS give me any details about what it is doing when the web service stops responding on tcp/443?
I’m thinking of trying to report the problem to Ricoh, but they’ll probably ignore me unless I can give them more information.
At 96%
PORT STATE SERVICE
443/tcp open https
9100/tcp open jetdirect
Nmap done: 1 IP address (1 host up) scanned in 12.60 seconds
at 98%
PORT STATE SERVICE
443/tcp filtered https
9100/tcp open jetdirect
Nmap done: 1 IP address (1 host up) scanned in 20.04 seconds
[additional information]
when I block OpenVAS from communicating on tcp/443 to this printer, the scan completes without crashing the printer’s web server. OpenVAS identifies the operating system as cpe:/o:netbsd:netbsd
When the printer was listening on tcp/80, that service also crashed at the end of the OpenVAS scan.
To reiterate: I’m looking for information that might help Ricoh to identify and fix their problem.