← back
CVE-2019-10880

CVE-2019-10880

CVSS 9.8 CRITICALEPSS 8.5%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 8.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Apr 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
XEROX · AltaLink B8045/B8055/B8065/B8075/B8090XEROX · AltaLink C8030/C8035/C8045/C8055/C8070XEROX · ColorQube 8700/8900XEROX · ColorQube 9301/9302/9303XEROX · Phaser 6700XEROX · Phaser 7800XEROX · WorkCentre 3655XEROX · WorkCentre 5735/5740/5745/5755/5765/5775/5790XEROX · WorkCentre 5845/5855/5865/5875/5890XEROX · WorkCentre 5945/5955XEROX · WorkCentre 6400XEROX · WorkCentre 6655XEROX · WorkCentre 7220/7225XEROX · WorkCentre 7525/7530/7535/7545/7556XEROX · WorkCentre 7755/7765/7775XEROX · WorkCentre 7830/7835/7845/7855XEROX · WorkCentre 7970XEROX · WorkCentre EC7836/EC7856

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://airbus-seclab.github.io/https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf