PT-2019-9404 · Xerox · Xerox C8030/C8035+3

Published

2019-01-03

Updated

2019-10-03

CVE-2018-17172

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xerox AltaLink B80xx versions prior to 100.008.028.05200 Xerox C8030/C8035 versions prior to 100.001.028.05200 Xerox C8045/C8055 versions prior to 100.002.028.05200 Xerox C8070 versions prior to 100.003.028.05200

Description The issue allows unauthenticated command injection in the web application.

Recommendations For Xerox AltaLink B80xx versions prior to 100.008.028.05200, update to version 100.008.028.05200 or later. For Xerox C8030/C8035 versions prior to 100.001.028.05200, update to version 100.001.028.05200 or later. For Xerox C8045/C8055 versions prior to 100.002.028.05200, update to version 100.002.028.05200 or later. For Xerox C8070 versions prior to 100.003.028.05200, update to version 100.003.028.05200 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2018-17172

Affected Products

Xerox Altalink B80Xx

Xerox C8030/C8035

Xerox C8045/C8055

Xerox C8070

PT-2019-9404 · Xerox · Xerox C8030/C8035+3

CVE-2018-17172

Weakness Enumeration

Related Identifiers

Affected Products

References · 3