CVE-2018-17172

Published: Jan 3, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.

Affected (10)

Products: Xerox: Altalink C8030 Firmware, Altalink C8035 Firmware, Altalink C8045 Firmware, Altalink C8055 Firmware, Altalink C8070 Firmware, Altalink B8045 Firmware, Altalink B8055 Firmware, Altalink B8065 Firmware, Altalink B8075 Firmware, Altalink B8090 Firmware

Xerox

10 products

Altalink C8030 Firmware

Altalink C8035 Firmware

Altalink C8045 Firmware

Altalink C8055 Firmware

Altalink C8070 Firmware

Altalink B8045 Firmware

Altalink B8055 Firmware

Altalink B8065 Firmware

Altalink B8075 Firmware

Altalink B8090 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8030 Firmware	Before 100.001.028.05200

Running on/with	Platform Versions
Xerox Altalink C8030	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8035 Firmware	Before 100.001.028.05200

Running on/with	Platform Versions
Xerox Altalink C8035	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8045 Firmware	Before 100.002.028.05200

Running on/with	Platform Versions
Xerox Altalink C8045	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8055 Firmware	Before 100.002.028.05200

Running on/with	Platform Versions
Xerox Altalink C8055	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8070 Firmware	Before 100.003.028.05200

Running on/with	Platform Versions
Xerox Altalink C8070	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8045 Firmware	Before 100.008.028.05200

Running on/with	Platform Versions
Xerox Altalink B8045	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8055 Firmware	Before 100.008.028.05200

Running on/with	Platform Versions
Xerox Altalink B8055	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8065 Firmware	Before 100.008.028.05200

Running on/with	Platform Versions
Xerox Altalink B8065	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8075 Firmware	Before 100.008.028.05200

Running on/with	Platform Versions
Xerox Altalink B8075	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8090 Firmware	Before 100.008.028.05200

Running on/with	Platform Versions
Xerox Altalink B8090	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf

Source: cve@mitre.org

Vendor Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.