PT-2020-5728 · Xerox · Xerox Altalink

Published: 2020-06-18 · Updated: 2021-07-21 · CVE-2019-18630

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Xerox AltaLink versions prior to 101.00x.099.28200
Description: The issue is related to insufficient encryption resilience in the Xerox AltaLink multifunction device's firmware. This could allow a remote attacker to disclose protected information. Portions of the drive containing executable code were not encrypted, leaving it open to potential cryptographic information disclosure.
Recommendations: For versions prior to 101.00x.099.28200, update the software to version 101.00x.099.28200 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored on the device until the update is applied.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information
Inadequate Encryption Strength

Related Identifiers

BDU:2021-01604
CVE-2019-18630

Affected Products

Xerox Altalink