Search criteria
27 vulnerabilities found for altalink_c8035_firmware by xerox
FKIE_CVE-2019-10881
Vulnerability from fkie_nvd - Published: 2021-04-13 21:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
References
| URL | Tags | ||
|---|---|---|---|
| cert@airbus.com | https://airbus-seclab.github.io/ | Third Party Advisory | |
| nvd@nist.gov | https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://airbus-seclab.github.io/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6983E3-E3C8-4F1B-B1C8-46BD2647396C",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB923A-CAE3-4BB6-A9BE-74E25F184F34",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBE5F0F-AF93-4927-BA6D-6462833C413B",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE51ACFB-1C03-4382-9246-0BABC6E77698",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF82B28-C0C2-47A1-B826-84BA648371CD",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF73A654-3853-4F28-9602-59F6EEE00B64",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39F66268-FABE-4AB7-9D9D-B7E5179E266C",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04559575-46E7-4A88-B46D-7A743B437038",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE47AD4B-6AFA-4797-980E-33F902016E21",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8229EDE1-10DD-4F11-8A72-65B4737CCF25",
"versionEndExcluding": "103.003.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
},
{
"lang": "es",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 103.xxx.030.32000, incluye dos cuentas con contrase\u00f1as embebidas que pueden ser explotadas y permiten el acceso no autorizado que no puede ser deshabilitado"
}
],
"id": "CVE-2019-10881",
"lastModified": "2024-11-21T04:20:02.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "cert@airbus.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T21:15:16.740",
"references": [
{
"source": "cert@airbus.com",
"tags": [
"Third Party Advisory"
],
"url": "https://airbus-seclab.github.io/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://airbus-seclab.github.io/"
}
],
"sourceIdentifier": "cert@airbus.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "cert@airbus.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28669
Vulnerability from fkie_nvd - Published: 2021-03-29 20:15 - Updated: 2024-11-21 06:00
Severity ?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B498244-F73F-44F4-9745-35D7FFD6FBB5",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD62ED0-A2BA-4A1C-A177-92949DAB8AA7",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAA621D-F05B-448E-BA98-5B42BA0C6B30",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80CFD5F-0348-4CD5-A87C-D83D574A84DD",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B87C71-D26B-42DE-AE88-FD143057CA98",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F04A66-0E11-435A-A025-83ABB60B3247",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D7949D-40D6-48B0-B5DB-584E51F60525",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7148C34D-0B83-4669-96EB-C9AB42EE82ED",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6BAC8F-BB30-4422-BC94-58B873BF6778",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79D4707-4A24-4F95-AF5C-18AF28611EBD",
"versionEndExcluding": "103.003.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
},
{
"lang": "es",
"value": "Xerox AltaLink B80xx versiones anteriores a 103.008.020.23120, C8030/C8035 versiones anteriores a 103.001.020.23120, C8045/C8055 versiones anteriores a 103.002.020.23120 y C8070 versiones anteriores a 103.003.020.23120, proporcionan la habilidad de ajustar atributos de configuraci\u00f3n sin derechos administrativos"
}
],
"id": "CVE-2021-28669",
"lastModified": "2024-11-21T06:00:04.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28668
Vulnerability from fkie_nvd - Published: 2021-03-29 20:15 - Updated: 2024-11-21 06:00
Severity ?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B498244-F73F-44F4-9745-35D7FFD6FBB5",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD62ED0-A2BA-4A1C-A177-92949DAB8AA7",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAA621D-F05B-448E-BA98-5B42BA0C6B30",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80CFD5F-0348-4CD5-A87C-D83D574A84DD",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B87C71-D26B-42DE-AE88-FD143057CA98",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F04A66-0E11-435A-A025-83ABB60B3247",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D7949D-40D6-48B0-B5DB-584E51F60525",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7148C34D-0B83-4669-96EB-C9AB42EE82ED",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6BAC8F-BB30-4422-BC94-58B873BF6778",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79D4707-4A24-4F95-AF5C-18AF28611EBD",
"versionEndExcluding": "103.003.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
},
{
"lang": "es",
"value": "Xerox AltaLink B80xx versiones anteriores a 103.008.020.23120, C8030/C8035 versiones anteriores a 103.001.020.23120, C8045/C8055 versiones anteriores a 103.002.020.23120 y C8070 versiones anteriores a 103.003.020.23120, presenta varias vulnerabilidades de inyecci\u00f3n SQL"
}
],
"id": "CVE-2021-28668",
"lastModified": "2024-11-21T06:00:04.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28670
Vulnerability from fkie_nvd - Published: 2021-03-29 18:15 - Updated: 2024-11-21 06:00
Severity ?
Summary
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B498244-F73F-44F4-9745-35D7FFD6FBB5",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD62ED0-A2BA-4A1C-A177-92949DAB8AA7",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAA621D-F05B-448E-BA98-5B42BA0C6B30",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80CFD5F-0348-4CD5-A87C-D83D574A84DD",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B87C71-D26B-42DE-AE88-FD143057CA98",
"versionEndExcluding": "103.008.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F04A66-0E11-435A-A025-83ABB60B3247",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D7949D-40D6-48B0-B5DB-584E51F60525",
"versionEndExcluding": "103.001.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7148C34D-0B83-4669-96EB-C9AB42EE82ED",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6BAC8F-BB30-4422-BC94-58B873BF6778",
"versionEndExcluding": "103.002.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79D4707-4A24-4F95-AF5C-18AF28611EBD",
"versionEndExcluding": "103.003.020.23120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
},
{
"lang": "es",
"value": "Xerox AltaLink B8045/B8090 versiones anteriores a 103.008.030.32000, C8030/C8035 versiones anteriores a 103.001.030.32000, C8045/C8055 versiones anteriores a 103.002.030.32000 y C8070 versiones anteriores a 103.003.030.32000, permiten a usuarios no autorizados, aprovechar la funcionalidad Scan To Mailbox, para eliminar archivos arbitrarios del disco"
}
],
"id": "CVE-2021-28670",
"lastModified": "2024-11-21T06:00:04.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T18:15:13.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18630
Vulnerability from fkie_nvd - Published: 2021-03-04 23:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6983E3-E3C8-4F1B-B1C8-46BD2647396C",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB923A-CAE3-4BB6-A9BE-74E25F184F34",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBE5F0F-AF93-4927-BA6D-6462833C413B",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE51ACFB-1C03-4382-9246-0BABC6E77698",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF82B28-C0C2-47A1-B826-84BA648371CD",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF73A654-3853-4F28-9602-59F6EEE00B64",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39F66268-FABE-4AB7-9D9D-B7E5179E266C",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04559575-46E7-4A88-B46D-7A743B437038",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE47AD4B-6AFA-4797-980E-33F902016E21",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8229EDE1-10DD-4F11-8A72-65B4737CCF25",
"versionEndExcluding": "103.003.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
},
{
"lang": "es",
"value": "En las impresoras multifunci\u00f3n Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, las partes de la unidad que conten\u00edan c\u00f3digo ejecutable no se cifraron, por lo que quedaron abiertas a posibles cifrados de divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2019-18630",
"lastModified": "2024-11-21T04:33:24.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-04T23:15:12.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18629
Vulnerability from fkie_nvd - Published: 2021-03-04 07:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70923695-6618-4D8A-8BF9-AD714159F7B5",
"versionEndExcluding": "101.008.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB4EA74-EF08-43A8-841B-5773C643AA5F",
"versionEndExcluding": "101.008.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCE2038-9B08-417D-B8A6-331F7CF9EC61",
"versionEndExcluding": "101.008.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FC4895-1BC1-4C35-BAE8-F92001D1B1D1",
"versionEndExcluding": "101.008.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C25E605-4387-45AA-8E53-DFE635A448BA",
"versionEndExcluding": "101.008.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9785CF2D-CB90-4D97-8E50-0CFD401FBEDE",
"versionEndExcluding": "101.001.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "991A5733-ECB7-4151-BC92-7886DB5DFDBA",
"versionEndExcluding": "101.001.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8457FD-0687-4682-B642-195A925A66AA",
"versionEndExcluding": "101.002.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0F39FC-6DF0-444A-BB09-CC4D17B40C07",
"versionEndExcluding": "101.002.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAFB5D3-4EE2-4F23-9339-91FB9831C168",
"versionEndExcluding": "101.003.099.28200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
},
{
"lang": "es",
"value": "Las impresoras multifunci\u00f3n Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un atacante ejecutar un binario no deseado durante la instalaci\u00f3n de un clon explotado.\u0026#xa0;Esto requiere crear un archivo clonado y firmar ese archivo con una clave privada comprometida"
}
],
"id": "CVE-2019-18629",
"lastModified": "2024-11-21T04:33:24.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-04T07:15:15.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.business.xerox.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.business.xerox.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18628
Vulnerability from fkie_nvd - Published: 2021-03-04 07:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6983E3-E3C8-4F1B-B1C8-46BD2647396C",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB923A-CAE3-4BB6-A9BE-74E25F184F34",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBE5F0F-AF93-4927-BA6D-6462833C413B",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE51ACFB-1C03-4382-9246-0BABC6E77698",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF82B28-C0C2-47A1-B826-84BA648371CD",
"versionEndExcluding": "103.008.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF73A654-3853-4F28-9602-59F6EEE00B64",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39F66268-FABE-4AB7-9D9D-B7E5179E266C",
"versionEndExcluding": "103.001.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04559575-46E7-4A88-B46D-7A743B437038",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE47AD4B-6AFA-4797-980E-33F902016E21",
"versionEndExcluding": "103.002.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8229EDE1-10DD-4F11-8A72-65B4737CCF25",
"versionEndExcluding": "103.003.010.14010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
},
{
"lang": "es",
"value": "Las impresoras multifunci\u00f3n Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un usuario con privilegios administrativos desactivar el cifrado de datos en el dispositivo, dej\u00e1ndolo as\u00ed abierto a una posible divulgaci\u00f3n de informaci\u00f3n criptogr\u00e1fica"
}
],
"id": "CVE-2019-18628",
"lastModified": "2024-11-21T04:33:24.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-04T07:15:13.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.business.xerox.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.business.xerox.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-19832
Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | altalink_c8035_firmware | - | |
| xerox | altalink_c8035 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F395F3-B066-479F-A8C2-ADEE1EE07FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"
},
{
"lang": "es",
"value": "Las impresoras Xerox AltaLink C8035, permiten un ataque de tipo CSRF. Una petici\u00f3n para agregar usuarios es realizada en el campo de formulario Device User Database en el URI xerox.set. (El valor de frmUserName debe tener un nombre \u00fanico)."
}
],
"id": "CVE-2019-19832",
"lastModified": "2024-11-21T04:35:29.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-18T18:15:20.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-17172
Vulnerability from fkie_nvd - Published: 2019-01-03 03:29 - Updated: 2024-11-21 03:54
Severity ?
Summary
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65972A0-1138-496C-851B-1624F22D390D",
"versionEndExcluding": "100.001.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A3836-D2C1-4DD4-97BB-35D3EA62850A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE91739A-FAE4-42D3-B281-9052980A979D",
"versionEndExcluding": "100.001.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69AABF49-48CC-4516-A5B3-83591FEF2BE3",
"versionEndExcluding": "100.002.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497F5F82-300D-4B58-8E15-69EFCEE007AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E700E4F-59D5-455B-ADDD-EC8C4C57F6F3",
"versionEndExcluding": "100.002.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C6B82D-8E8B-459C-ABC6-2BBD92089899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD60423D-CF9C-4D3F-8D8B-1AEB8874BAEF",
"versionEndExcluding": "100.003.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D39895D-8CCA-4E26-85D1-D2067FBBBF8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F8C0-613F-457C-984A-2F1FF118D75E",
"versionEndExcluding": "100.008.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF2A9AE-2CB4-409E-8A2A-32686CF09BFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "188CD431-EF5E-4A9C-B1A9-A60B6D4BC736",
"versionEndExcluding": "100.008.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D4AD70-A8F6-4961-9B69-F350763C2825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C63A520-0E26-4359-8FAE-B732379A3A8E",
"versionEndExcluding": "100.008.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C0C841-9B23-43A6-9DD7-2228334C282D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D51A265-7D8C-4C3F-B69C-DF1AD02D2BCD",
"versionEndExcluding": "100.008.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90DAAFD-7B30-4E76-BE07-4184E034F050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEDD67F-8471-42C5-87A1-4356EC97B8D7",
"versionEndExcluding": "100.008.028.05200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C738D737-896F-47BC-B6D2-9C4A10A8D4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web en Xerox AltaLink B80xx en sus versiones anteriores a la 100.008.028.05200, en las C8030/C8035 anteriores a la 100.001.028.05200, en la C8045/C8055 anteriores a la 100.002.028.05200 y en la C8070 anterior a la 100.003.028.05200 permite la inyecci\u00f3n de comandos no autenticada."
}
],
"id": "CVE-2018-17172",
"lastModified": "2024-11-21T03:54:00.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-03T03:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-10881 (GCVE-0-2019-10881)
Vulnerability from cvelistv5 – Published: 2021-04-13 20:58 – Updated: 2024-08-04 22:32
VLAI?
Title
Default hidden Privileged Account Vulnerability in multiple XEROX devices
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
Severity ?
9.4 (Critical)
CWE
- CWE-259 - Use of Hard-coded Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| XEROX | AltaLink B8045/B8055/B8065/B8075/B8090 |
Affected:
n/a
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Raphaël Rigo from the Airbus Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://airbus-seclab.github.io/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AltaLink B8045/B8055/B8065/B8075/B8090",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "AltaLink C8030/C8035/C8045/C8055/C8070",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 3655",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5845/5855/5865/5875/5890",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5945/5955",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 6655",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7220/7225",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7830/7835/7845/7855",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7970",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre EC7836/EC7856",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "ColorQube 9301/9302/9303",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "ColorQube 8700/8900",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 6400",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Phaser 6700",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Phaser 7800",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7525/7530/7535/7545/7556",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7755/7765/7775",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T20:58:01",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://airbus-seclab.github.io/"
}
],
"solutions": [
{
"lang": "en",
"value": "No fix available for now."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Default hidden Privileged Account Vulnerability in multiple XEROX devices",
"workarounds": [
{
"lang": "en",
"value": "There no known workaround for now available."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"ID": "CVE-2019-10881",
"STATE": "PUBLIC",
"TITLE": "Default hidden Privileged Account Vulnerability in multiple XEROX devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AltaLink B8045/B8055/B8065/B8075/B8090",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "AltaLink C8030/C8035/C8045/C8055/C8070",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 3655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5845/5855/5865/5875/5890",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5945/5955",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7220/7225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7830/7835/7845/7855",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7970",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre EC7836/EC7856",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 9301/9302/9303",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 8700/8900",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6400",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 6700",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 7800",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7525/7530/7535/7545/7556",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7755/7765/7775",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "XEROX"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://airbus-seclab.github.io/",
"refsource": "MISC",
"url": "https://airbus-seclab.github.io/"
}
]
},
"solution": [
{
"lang": "en",
"value": "No fix available for now."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There no known workaround for now available."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-10881",
"datePublished": "2021-04-13T20:58:01",
"dateReserved": "2019-04-05T00:00:00",
"dateUpdated": "2024-08-04T22:32:02.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28668 (GCVE-0-2021-28668)
Vulnerability from cvelistv5 – Published: 2021-03-29 19:28 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T19:28:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28668",
"datePublished": "2021-03-29T19:28:09",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28669 (GCVE-0-2021-28669)
Vulnerability from cvelistv5 – Published: 2021-03-29 19:27 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T19:27:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28669",
"datePublished": "2021-03-29T19:27:59",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28670 (GCVE-0-2021-28670)
Vulnerability from cvelistv5 – Published: 2021-03-29 17:40 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T17:40:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28670",
"datePublished": "2021-03-29T17:40:09",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18630 (GCVE-0-2019-18630)
Vulnerability from cvelistv5 – Published: 2021-03-04 22:07 – Updated: 2024-08-05 01:54
VLAI?
Summary
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T22:07:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf",
"refsource": "MISC",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18630",
"datePublished": "2021-03-04T22:07:44",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18629 (GCVE-0-2019-18629)
Vulnerability from cvelistv5 – Published: 2021-03-04 06:12 – Updated: 2024-08-05 01:54
VLAI?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T06:12:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.business.xerox.com",
"refsource": "MISC",
"url": "https://security.business.xerox.com"
},
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18629",
"datePublished": "2021-03-04T06:12:03",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18628 (GCVE-0-2019-18628)
Vulnerability from cvelistv5 – Published: 2021-03-04 06:09 – Updated: 2024-08-05 01:54
VLAI?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T06:09:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.business.xerox.com",
"refsource": "MISC",
"url": "https://security.business.xerox.com"
},
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18628",
"datePublished": "2021-03-04T06:09:30",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19832 (GCVE-0-2019-19832)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:12 – Updated: 2024-08-05 02:25
VLAI?
Summary
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:12:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19832",
"datePublished": "2019-12-18T17:12:49",
"dateReserved": "2019-12-17T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17172 (GCVE-0-2018-17172)
Vulnerability from cvelistv5 – Published: 2019-01-03 03:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T03:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17172",
"datePublished": "2019-01-03T03:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10881 (GCVE-0-2019-10881)
Vulnerability from nvd – Published: 2021-04-13 20:58 – Updated: 2024-08-04 22:32
VLAI?
Title
Default hidden Privileged Account Vulnerability in multiple XEROX devices
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
Severity ?
9.4 (Critical)
CWE
- CWE-259 - Use of Hard-coded Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| XEROX | AltaLink B8045/B8055/B8065/B8075/B8090 |
Affected:
n/a
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Raphaël Rigo from the Airbus Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://airbus-seclab.github.io/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AltaLink B8045/B8055/B8065/B8075/B8090",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "AltaLink C8030/C8035/C8045/C8055/C8070",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 3655",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5845/5855/5865/5875/5890",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5945/5955",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 6655",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7220/7225",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7830/7835/7845/7855",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7970",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre EC7836/EC7856",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "ColorQube 9301/9302/9303",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "ColorQube 8700/8900",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 6400",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Phaser 6700",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Phaser 7800",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7525/7530/7535/7545/7556",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "WorkCentre 7755/7765/7775",
"vendor": "XEROX",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T20:58:01",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://airbus-seclab.github.io/"
}
],
"solutions": [
{
"lang": "en",
"value": "No fix available for now."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Default hidden Privileged Account Vulnerability in multiple XEROX devices",
"workarounds": [
{
"lang": "en",
"value": "There no known workaround for now available."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"ID": "CVE-2019-10881",
"STATE": "PUBLIC",
"TITLE": "Default hidden Privileged Account Vulnerability in multiple XEROX devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AltaLink B8045/B8055/B8065/B8075/B8090",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "AltaLink C8030/C8035/C8045/C8055/C8070",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 3655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5845/5855/5865/5875/5890",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5945/5955",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7220/7225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7830/7835/7845/7855",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7970",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre EC7836/EC7856",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 9301/9302/9303",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 8700/8900",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6400",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 6700",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 7800",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7525/7530/7535/7545/7556",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7755/7765/7775",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "XEROX"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://airbus-seclab.github.io/",
"refsource": "MISC",
"url": "https://airbus-seclab.github.io/"
}
]
},
"solution": [
{
"lang": "en",
"value": "No fix available for now."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There no known workaround for now available."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-10881",
"datePublished": "2021-04-13T20:58:01",
"dateReserved": "2019-04-05T00:00:00",
"dateUpdated": "2024-08-04T22:32:02.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28668 (GCVE-0-2021-28668)
Vulnerability from nvd – Published: 2021-03-29 19:28 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T19:28:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28668",
"datePublished": "2021-03-29T19:28:09",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28669 (GCVE-0-2021-28669)
Vulnerability from nvd – Published: 2021-03-29 19:27 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T19:27:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28669",
"datePublished": "2021-03-29T19:27:59",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28670 (GCVE-0-2021-28670)
Vulnerability from nvd – Published: 2021-03-29 17:40 – Updated: 2024-08-03 21:47
VLAI?
Summary
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-29T17:40:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28670",
"datePublished": "2021-03-29T17:40:09",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18630 (GCVE-0-2019-18630)
Vulnerability from nvd – Published: 2021-03-04 22:07 – Updated: 2024-08-05 01:54
VLAI?
Summary
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T22:07:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf",
"refsource": "MISC",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18630",
"datePublished": "2021-03-04T22:07:44",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18629 (GCVE-0-2019-18629)
Vulnerability from nvd – Published: 2021-03-04 06:12 – Updated: 2024-08-05 01:54
VLAI?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T06:12:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.business.xerox.com",
"refsource": "MISC",
"url": "https://security.business.xerox.com"
},
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18629",
"datePublished": "2021-03-04T06:12:03",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18628 (GCVE-0-2019-18628)
Vulnerability from nvd – Published: 2021-03-04 06:09 – Updated: 2024-08-05 01:54
VLAI?
Summary
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T06:09:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.business.xerox.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.business.xerox.com",
"refsource": "MISC",
"url": "https://security.business.xerox.com"
},
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18628",
"datePublished": "2021-03-04T06:09:30",
"dateReserved": "2019-10-30T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19832 (GCVE-0-2019-19832)
Vulnerability from nvd – Published: 2019-12-18 17:12 – Updated: 2024-08-05 02:25
VLAI?
Summary
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:12:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19832",
"datePublished": "2019-12-18T17:12:49",
"dateReserved": "2019-12-17T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17172 (GCVE-0-2018-17172)
Vulnerability from nvd – Published: 2019-01-03 03:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T03:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17172",
"datePublished": "2019-01-03T03:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}