CVE-2016-11061

 

  • Severity Score: 9.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.


*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-04-29 CVE Reserved
  • 2020-04-29 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Each entry lists vendor, product, version, and status; the firmware is the affected component and the hardware it runs in is listed alongside it.
  • Xerox Workcentre 3655 Firmware < 073.060.086.15410 (Affected), in Xerox Workcentre 3655 (Safe)
  • Xerox Workcentre 3655i Firmware < 073.060.086.15410 (Affected), in Xerox Workcentre 3655i (Safe)
  • Xerox Workcentre 5865 Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5865 (Safe)
  • Xerox Workcentre 5875 Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5875 (Safe)
  • Xerox Workcentre 5890 Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5890 (Safe)
  • Xerox Workcentre 5865i Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5865i (Safe)
  • Xerox Workcentre 5875i Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5875i (Safe)
  • Xerox Workcentre 5890i Firmware < 073.190.086.15410 (Affected), in Xerox Workcentre 5890i (Safe)
  • Xerox Workcentre 5945 Firmware < 073.091.086.15410 (Affected), in Xerox Workcentre 5945 (Safe)
  • Xerox Workcentre 5955 Firmware < 073.091.086.15410 (Affected), in Xerox Workcentre 5955 (Safe)
  • Xerox Workcentre 5945i Firmware < 073.091.086.15410 (Affected), in Xerox Workcentre 5945i (Safe)
  • Xerox Workcentre 5955i Firmware < 073.091.086.15410 (Affected), in Xerox Workcentre 5955i (Safe)
  • Xerox Workcentre 6655 Firmware < 073.110.086.15410 (Affected), in Xerox Workcentre 6655 (Safe)
  • Xerox Workcentre 6655i Firmware < 073.110.086.15410 (Affected), in Xerox Workcentre 6655i (Safe)
  • Xerox Workcentre 7200 Firmware < 073.030.086.15410 (Affected), in Xerox Workcentre 7200 (Safe)
  • Xerox Workcentre 7200i Firmware < 073.030.086.15410 (Affected), in Xerox Workcentre 7200i (Safe)
  • Xerox Workcentre 7225i Firmware < 073.030.086.15410 (Affected), in Xerox Workcentre 7225i (Safe)
  • Xerox Workcentre 7830 Firmware < 073.010.086.15410 (Affected), in Xerox Workcentre 7830 (Safe)
  • Xerox Workcentre 7835 Firmware < 073.010.086.15410 (Affected), in Xerox Workcentre 7835 (Safe)
  • Xerox Workcentre 7845 Firmware < 073.010.086.15410 (Affected), in Xerox Workcentre 7845 (Safe)
  • Xerox Workcentre 7855 Firmware < 073.010.086.15410 (Affected), in Xerox Workcentre 7855 (Safe)
  • Xerox Workcentre 7970 Firmware < 073.200.086.15410 (Affected), in Xerox Workcentre 7970 (Safe)
  • Xerox Workcentre 7970i Firmware < 073.200.086.15410 (Affected), in Xerox Workcentre 7970i (Safe)
  • Xerox Workcentre 7225 Firmware < 073.030.086.15410 (Affected), in Xerox Workcentre 7225 (Safe)
  • Xerox Workcentre 7220 Firmware < 073.030.086.15410 (Affected), in Xerox Workcentre 7220 (Safe)