CVE-2019-18628

Published: Mar 4, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.

Affected (10)

Products: Xerox: Altalink B8045 Firmware, Altalink B8055 Firmware, Altalink B8065 Firmware, Altalink B8075 Firmware, Altalink B8090 Firmware, Altalink C8030 Firmware, Altalink C8035 Firmware, Altalink C8045 Firmware, Altalink C8055 Firmware, Altalink C8070 Firmware

Xerox

10 products

Altalink B8045 Firmware

Altalink B8055 Firmware

Altalink B8065 Firmware

Altalink B8075 Firmware

Altalink B8090 Firmware

Altalink C8030 Firmware

Altalink C8035 Firmware

Altalink C8045 Firmware

Altalink C8055 Firmware

Altalink C8070 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8045 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8045	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8055 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8055	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8065 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8065	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8075 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8075	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink B8090 Firmware	Before 103.008.010.14010

Running on/with	Platform Versions
Xerox Altalink B8090	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8030 Firmware	Before 103.001.010.14010

Running on/with	Platform Versions
Xerox Altalink C8030	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8035 Firmware	Before 103.001.010.14010

Running on/with	Platform Versions
Xerox Altalink C8035	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8045 Firmware	Before 103.002.010.14010

Running on/with	Platform Versions
Xerox Altalink C8045	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8055 Firmware	Before 103.002.010.14010

Running on/with	Platform Versions
Xerox Altalink C8055	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Altalink C8070 Firmware	Before 103.003.010.14010

Running on/with	Platform Versions
Xerox Altalink C8070	All versions

References (4)

https://security.business.xerox.com

Source: cve@mitre.org

Vendor Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf

Source: cve@mitre.org

PatchVendor Advisory

https://security.business.xerox.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.