CVE-2019-10881

Published: Apr 13, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

Affected (10)

Products: Xerox: Altalink B8045 Firmware, Altalink B8055 Firmware, Altalink B8065 Firmware, Altalink B8075 Firmware, Altalink B8090 Firmware, Altalink C8030 Firmware, Altalink C8035 Firmware, Altalink C8045 Firmware, Altalink C8055 Firmware, Altalink C8070 Firmware

Xerox

10 products

Altalink B8045 Firmware

Altalink B8055 Firmware

Altalink B8065 Firmware

Altalink B8075 Firmware

Altalink B8090 Firmware

Altalink C8030 Firmware

Altalink C8035 Firmware

Altalink C8045 Firmware

Altalink C8055 Firmware

Altalink C8070 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8045 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8045	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8055 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8055	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8065 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8065	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8075 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8075	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8090 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8090	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8030 Firmware	Before 103.001.010.14010

Running on/with	Platform Versions
Xerox Altalink C8030	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8035 Firmware	Before 103.001.010.14010

Running on/with	Platform Versions
Xerox Altalink C8035	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8045 Firmware	Before 103.002.010.14010

Running on/with	Platform Versions
Xerox Altalink C8045	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8055 Firmware	Before 103.002.010.14010

Running on/with	Platform Versions
Xerox Altalink C8055	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8070 Firmware	Before 103.003.010.14010

Running on/with	Platform Versions
Xerox Altalink C8070	All versions

Related CWEs

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (3)

https://airbus-seclab.github.io/

Source: cert@airbus.com

Third Party Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx.pdf

Source: nvd@nist.gov

PatchVendor Advisory

https://airbus-seclab.github.io/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.