CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18629
https://notcve.org/view.php?id=CVE-2019-18629
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. Las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un atacante ejecutar un binario no deseado durante la instalación de un clon explotado. Esto requiere crear un archivo clonado y firmar ese archivo con una clave privada comprometida • https://security.business.xerox.com https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf •
CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18628
https://notcve.org/view.php?id=CVE-2019-18628
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. Las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un usuario con privilegios administrativos desactivar el cifrado de datos en el dispositivo, dejándolo así abierto a una posible divulgación de información criptográfica • https://security.business.xerox.com https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19832 – Xerox AltaLink C8035 Printer Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-19832
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) Las impresoras Xerox AltaLink C8035, permiten un ataque de tipo CSRF. Una petición para agregar usuarios es realizada en el campo de formulario Device User Database en el URI xerox.set. • http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-17172
https://notcve.org/view.php?id=CVE-2018-17172
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. La aplicación web en Xerox AltaLink B80xx en sus versiones anteriores a la 100.008.028.05200, en las C8030/C8035 anteriores a la 100.001.028.05200, en la C8045/C8055 anteriores a la 100.002.028.05200 y en la C8070 anterior a la 100.003.028.05200 permite la inyección de comandos no autenticada. • https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •