SMBv1 on a printer security implications

Joined
Aug 10, 2018
Messages
46
Hi all,

Our office has a printer/scanner that scans to a shared SMB folder (FreeNAS 11.1) over the LAN. The scanner only operates at SMBv1 and the FreeNAS box also has SMB shares for each working group. I had to manually enable SMBv1 to get the scan-to-folder function to work.

I'm not sure how SMB protocol works and if I have introduced a gaping vulnerability hole? Do the FreeNAS/Windows shares operate at the highest protocol version of SMB that they both know? Or does having a single SMBv1 connection drag everything else down? Is an SMBv1 connection between FreeNAS and a printer (which I think has linux based firmware?) introducing vulnerability?

This is pretty adamant that I'm doing the wrong thing and need to throw out the printer?
https://www.ixsystems.com/blog/library/do-not-use-smb1/
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Hi all,

Our office has a printer/scanner that scans to a shared SMB folder (FreeNAS 11.1) over the LAN. The scanner only operates at SMBv1 and the FreeNAS box also has SMB shares for each working group. I had to manually enable SMBv1 to get the scan-to-folder function to work.

I'm not sure how SMB protocol works and if I have introduced a gaping vulnerability hole? Do the FreeNAS/Windows shares operate at the highest protocol version of SMB that they both know? Or does having a single SMBv1 connection drag everything else down? Is an SMBv1 connection between FreeNAS and a printer (which I think has linux based firmware?) introducing vulnerability?

It's not a gaping security hole. Eventually you will need to figure out what to do about the printer because I think in a few years SMB1 support may be entirely removed from samba.
 

seanm

Guru
Joined
Jun 11, 2018
Messages
570
Hi all,

Our office has a printer/scanner that scans to a shared SMB folder (FreeNAS 11.1) over the LAN. The scanner only operates at SMBv1

Are you sure there aren't any firmware updates for the device? Did you contact the manufacturer? How old is the device?

I'm not sure how SMB protocol works and if I have introduced a gaping vulnerability hole?

Depends on your environment and threat model, but the hole is pretty gaping IMHO:

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

For home, maybe no big deal. For enterprise, just buy a new scanner, they are only a few hundred dollars.
 
Joined
Aug 10, 2018
Messages
46
Are you sure there aren't any firmware updates for the device? Did you contact the manufacturer? How old is the device?



Depends on your environment and threat model, but the hole is pretty gaping IMHO:

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

For home, maybe no big deal. For enterprise, just buy a new scanner, they are only a few hundred dollars.
we have a Toshiba ESTUDIO3505AC for which I can't find any firmware upgrades.

What risk is present? MS16-144 which allows arbitrary code execution appears to only be an issue on Windows (there are windows clients accessing FreeNAS shares but they would use the highest SMB version they know rather than SMBv1?)

MITM and traffic snooping appear to be clear risks?
 

seanm

Guru
Joined
Jun 11, 2018
Messages
570
we have a Toshiba ESTUDIO3505AC for which I can't find any firmware upgrades.

A quick search suggests that this device is still for sale. If so, that's really negligent on Toshiba's part. I would contact them.

What risk is present? MS16-144 which allows arbitrary code execution appears to only be an issue on Windows (there are windows clients accessing FreeNAS shares but they would use the highest SMB version they know rather than SMBv1?)

In general, yes. But if you have an adversary on your network, he could possibly do a downgrade attack.

MITM and traffic snooping appear to be clear risks?

Yes.
 
Top