CVE-2019-10880
Published: Apr 12, 2019
Modified: Aug 4, 2024
CVSS v3.0: 9.8
Description
Multiple XEROX products contain an OS command injection vulnerability in the HTTP interface. A crafted HTTP request allows remote command execution on the underlying Linux system as the "nobody" user. Depending on configuration, authentication may not be necessary.
| Vendor | Product | Versions |
|---|---|---|
| XEROX | AltaLink B8045/B8055/B8065/B8075/B8090 | unknown unspecified - <= 101.008.008.27400 |
| XEROX | AltaLink C8030/C8035/C8045/C8055/C8070 | unknown unspecified - <= 101.001.008.27400 |
| XEROX | WorkCentre 3655 | unknown unspecified - <= 073.060.075.34540 |
| XEROX | WorkCentre 5845/5855/5865/5875/5890 | unknown unspecified - <= 073.190.075.34540 |
| XEROX | WorkCentre 5945/5955 | unknown unspecified - <= 073.091.075.34540 |
| XEROX | WorkCentre 6655 | unknown unspecified - <= 073.110.075.34540 |
| XEROX | WorkCentre 7220/7225 | unknown unspecified - <= 073.030.075.34540 |
| XEROX | WorkCentre 7830/7835/7845/7855 | unknown unspecified - <= 073.010.075.34540 |
| XEROX | WorkCentre 7970 | unknown unspecified - <= 073.200.075.34540 |
| XEROX | WorkCentre EC7836/EC7856 | unknown unspecified - <= 073.020.167.17200 |
| XEROX | ColorQube 9301/9302/9303 | affected unspecified - < 072.xxx.009.07200 |
| XEROX | ColorQube 8700/8900 | affected unspecified - < 072.xxx.009.07200 |
| XEROX | WorkCentre 6400 | unknown unspecified - <= 061.070.100.24201 |
| XEROX | Phaser 6700 | unknown unspecified - <= 081.140.103.22600 |
| XEROX | Phaser 7800 | unknown unspecified - <= 081.150.103.05600 |
| XEROX | WorkCentre 5735/5740/5745/5755/5765/5775/5790 | unknown unspecified - <= 061.132.221.21403 |
| XEROX | WorkCentre 7525/7530/7535/7545/7556 | unknown unspecified - <= 061.121.224.18803 |
| XEROX | WorkCentre 7755/7765/7775 | unknown unspecified - <= 061.090.220.19700 |
CVSS v3.0 Details
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High