I have a client who requires PCI certification for their credit card processing. After i checked things out for the company, I requested the Elavon (the certification entity) run a scan, expecting to pass. But alas, a couple of vulnerabilities were noted, including having port 9100 open to the internet. That port is open to printing services and leads to a local Kyrocera printer (KM-4050) which is not used for printing from outside, but is set up to send and receive faxes. The firewall is only set to allow printing over port 9100. The firewall is a Sonicwall combo firewall/router/access point.
Quetion is, if the traffic coming to the printer from the internet is only coming in the way of fax transmissions, and no printing ever happens from the WAN, does that open the port to other exploits?
Thanks for your assist.