CVE-2019-10880
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| XEROX | AltaLink B8045/B8055/B8065/B8075/B8090 | unspecified <= 101.008.008.27400 | unknown |
| XEROX | AltaLink C8030/C8035/C8045/C8055/C8070 | unspecified <= 101.001.008.27400 | unknown |
| XEROX | WorkCentre 3655 | unspecified <= 073.060.075.34540 | unknown |
| XEROX | WorkCentre 5845/5855/5865/5875/5890 | unspecified <= 073.190.075.34540 | unknown |
| XEROX | WorkCentre 5945/5955 | unspecified <= 073.091.075.34540 | unknown |
| XEROX | WorkCentre 6655 | unspecified <= 073.110.075.34540 | unknown |
| XEROX | WorkCentre 7220/7225 | unspecified <= 073.030.075.34540 | unknown |
| XEROX | WorkCentre 7830/7835/7845/7855 | unspecified <= 073.010.075.34540 | unknown |
| XEROX | WorkCentre 7970 | unspecified <= 073.200.075.34540 | unknown |
| XEROX | WorkCentre EC7836/EC7856 | unspecified <= 073.020.167.17200 | unknown |
| XEROX | ColorQube 9301/9302/9303 | unspecified < 072.xxx.009.07200 | affected |
| XEROX | ColorQube 8700/8900 | unspecified < 072.xxx.009.07200 | affected |
| XEROX | WorkCentre 6400 | unspecified <= 061.070.100.24201 | unknown |
| XEROX | Phaser 6700 | unspecified <= 081.140.103.22600 | unknown |
| XEROX | Phaser 7800 | unspecified <= 081.150.103.05600 | unknown |
| XEROX | WorkCentre 5735/5740/5745/5755/5765/5775/5790 | unspecified <= 061.132.221.21403 | unknown |
| XEROX | WorkCentre 7525/7530/7535/7545/7556 | unspecified <= 061.121.224.18803 | unknown |
| XEROX | WorkCentre 7755/7765/7775 | unspecified <= 061.090.220.19700 | unknown |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
Workarounds
There are no known workarounds for now available.
ADP Enrichment
CVE Program Container
Additional References
- https://airbus-seclab.github.io/
- https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf
References
- https://airbus-seclab.github.io/
- https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.