CVE-2020-36201

Published: Jan 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

Affected (30)

Xerox

30 products

Workcentre 3655 Firmware

Workcentre 3655i Firmware

Workcentre 5865 Firmware

Workcentre 5875 Firmware

Workcentre 5890 Firmware

Workcentre 5865i Firmware

Workcentre 5875i Firmware

Workcentre 5945 Firmware

Workcentre 5955 Firmware

Workcentre 5945i Firmware

Workcentre 5955i Firmware

Workcentre 6655 Firmware

Workcentre 6655i Firmware

Workcentre 7220 Firmware

Workcentre 7225 Firmware

Workcentre 7220i Firmware

Workcentre 7225i Firmware

Workcentre 7830i Firmware

Workcentre 7835i Firmware

Workcentre 7845i Firmware

Workcentre 7855i Firmware

Workcentre 7830 Firmware

Workcentre 7835 Firmware

Workcentre 7845 Firmware

Workcentre 7855 Firmware

Workcentre 7970 Firmware

Workcentre 7970i Firmware

Workcentre Ec7836 Firmware

Workcentre Ec7856 Firmware

Workcentre 5890i Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 3655 Firmware	Before 075.060.000.12010

Running on/with	Platform Versions
Xerox Workcentre 3655	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 3655i Firmware	Before 075.060.000.12010

Running on/with	Platform Versions
Xerox Workcentre 3655i	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5865 Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5865	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5875 Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5875	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5890 Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5890	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5865i Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5865i	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5875i Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5875i	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5945 Firmware	Before 075.091.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5945	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5955 Firmware	Before 075.091.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5955	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5945i Firmware	Before 075.091.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5945i	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5955i Firmware	Before 075.091.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5955i	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 6655 Firmware	Before 075.110.010.12010

Running on/with	Platform Versions
Xerox Workcentre 6655	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 6655i Firmware	Before 075.110.010.12010

Running on/with	Platform Versions
Xerox Workcentre 6655i	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7220 Firmware	Before 075.030.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7220	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7225 Firmware	Before 075.030.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7225	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7220i Firmware	Before 075.030.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7220i	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7225i Firmware	Before 075.030.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7225i	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7830i Firmware	Before 075.010.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7830i	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7835i Firmware	Before 075.010.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7835i	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7845i Firmware	Before 075.040.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7845i	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7855i Firmware	Before 075.040.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7855i	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7830 Firmware	Before 075.010.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7830	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7835 Firmware	Before 075.010.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7835	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7845 Firmware	Before 075.040.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7845	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7855 Firmware	Before 075.040.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7855	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7970 Firmware	Before 075.200.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7970	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7970i Firmware	Before 075.200.000.12010

Running on/with	Platform Versions
Xerox Workcentre 7970i	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre Ec7836 Firmware	Before 075.050.010.12010

Running on/with	Platform Versions
Xerox Workcentre Ec7836	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre Ec7856 Firmware	Before 075.020.010.12010

Running on/with	Platform Versions
Xerox Workcentre Ec7856	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 5890i Firmware	Before 075.190.010.12010

Running on/with	Platform Versions
Xerox Workcentre 5890i	All versions

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (2)

https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf

Source: cve@mitre.org

PatchVendor Advisory

https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.