PT-2021-9002 · Xerox · Xerox Altalink B8055+7

Published

2021-03-04

Updated

2021-03-11

CVE-2019-18629

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200

Description The issue allows an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing that file with a compromised private key.

Recommendations For Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, update to a version 101.00x.099.28200 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-18629

Affected Products

Xerox Altalink B8045

Xerox Altalink B8055

Xerox Altalink B8065

Xerox Altalink B8075

Xerox Altalink B8090

Xerox Altalink C8030

Xerox Altalink C8035

Xerox Altalink C8070

PT-2021-9002 · Xerox · Xerox Altalink B8055+7

CVE-2019-18629

Related Identifiers

Affected Products

References · 5