PT-2021-9001 · Xerox · Xerox Altalink B8055+7

Published: 2021-03-04 · Updated: 2021-03-05 · CVE-2019-18628

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200

Description

The issue allows a user with administrative privileges to turn off data encryption on the device, leaving it open to potential cryptographic information disclosure.

Recommendations

For Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, update to version 101.00x.099.28200 or later to resolve the issue. As a temporary workaround, consider restricting administrative access to the device to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2019-18628

Affected Products

Xerox Altalink B8045
Xerox Altalink B8055
Xerox Altalink B8065
Xerox Altalink B8075
Xerox Altalink B8090
Xerox Altalink C8030
Xerox Altalink C8035
Xerox Altalink C8070