CVE-2022-45897

Published: Jan 31, 2023Modified: Mar 28, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.

Affected (1)

Products: Xerox: Workcentre 3550 Firmware

Xerox

1 product

Workcentre 3550 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 3550 Firmware	Version 25.003.03.000

Running on/with	Platform Versions
Xerox Workcentre 3550	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://Xerox.com

Source: cve@mitre.org

Vendor Advisory

https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-45897

Source: cve@mitre.org

Third Party Advisory

https://Xerox.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-45897

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.