Xerox · Xerox · CVE-2019-10880
**Name of the Vulnerable Software and Affected Versions**
XEROX products (affected versions not specified)
**Description**
A remote command execution issue exists, allowing an attacker to execute commands on the Linux system as the `nobody` user through a crafted HTTP request. This is due to an OS Command Injection vulnerability in the HTTP interface. Depending on the configuration, authentication may not be required to exploit this issue.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.