Biscom’s fax software is not impacted by the MFP Fax vulnerability released in a report on August 12th by CheckPoint Research (CVE-2018-5924 and CVE-2018-5925). This attack uses the color fax T.30 extension that Biscom has not implemented.
The attack was an exploit of a specific device as opposed to the reports of there being a vulnerability in the T.30 fax protocol. The hackers determined how to overflow buffers to gain access to the device in order to execute malware that allowed the attacker to take control of the device. The attack was accomplished by using the color fax T.30 extension to send a malformed JPEG that contained malware.
This exploit highlights the advantages of software based fax servers that run on operating systems that are patched on a regular basis. As a matter of normal best security practices, Biscom recommends keeping systems up to date with the latest release of fax server software and operating system to help minimize the risks of attacks.