PT-2021-8875 · Xerox · Xerox Altalink B8055+7

Raphaël Rigo

Published

2021-04-13

Updated

2021-04-23

CVE-2019-10881

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xerox AltaLink B8045/B8055/B8065/B8075/B8090 versions prior to 103.xxx.030.32000 Xerox AltaLink C8030/C8035/C8045/C8055/C8070 versions prior to 103.xxx.030.32000

Description The issue concerns two accounts with weak hard-coded passwords that can be exploited, allowing unauthorized access. This access cannot be disabled.

Recommendations For Xerox AltaLink B8045/B8055/B8065/B8075/B8090 versions prior to 103.xxx.030.32000, update to a version 103.xxx.030.32000 or later. For Xerox AltaLink C8030/C8035/C8045/C8055/C8070 versions prior to 103.xxx.030.32000, update to a version 103.xxx.030.32000 or later.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-259

Related Identifiers

CVE-2019-10881

Affected Products

Xerox Altalink B8045

Xerox Altalink B8055

Xerox Altalink B8065

Xerox Altalink B8075

Xerox Altalink B8090

Xerox Altalink C8030

Xerox Altalink C8035

Xerox Altalink C8070

PT-2021-8875 · Xerox · Xerox Altalink B8055+7

CVE-2019-10881

Weakness Enumeration

Related Identifiers

Affected Products

References · 5