CVE-2024-6333

Summary

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Affected Software

VendorProductVersion RangeStatus
XeroxAltaLink® B8045 / B8055 / B8065 / B8075 / B8090C8030 / C8035 / C8045 / C8055 / C807103.xxx.024.18600
XeroxXerox® EC8036 / EC8056103.xxx.024.18600affected
XeroxXerox® EC8036 / EC8056 - Common Criteria (June 2022)103.023.031.35105affected
XeroxXerox® EC8036 / EC8056 - Common Criteria (June 2024)103.xxx.013.14115affected
XeroxAltaLink®C8130 / C8135 / C8145 / C8155 / C8170B8145 / B8155 / B8170 Common Criteria (Aug 2024)119.xxx.023.13006
XeroxAltaLink® C8130 / C8135 / C8145 / C8155 / C8170B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)111.xxx.003.11600
XeroxVersaLink® B625 / C625B425 / C425 Common Criteria Certified (2024)119.xxx.003.11705
XeroxWorkCentre 3655/3655i075.060.004.07810affected
XeroxWorkCentre 5945/55i075.091.004.07810affected
XeroxWorkCentre 6655/6655i075.110.004.07810affected
XeroxWorkCentre 7220/7225i075.030.004.07810affected
XeroxWorkCentre 7830/7835i075.010 004.07810affected
XeroxWorkCentre 7845/7855i075.040.004.07810affected
XeroxWorkCentre 7845/7855 (IBG)075.080.004.07810affected
XeroxWorkCentre 7970/7970i075.200.004.07810affected
XeroxWorkCentre EC7836075.050.004.07810affected
XeroxWorkCentre EC7856075.020.004.07810affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References