CVE-2018-20767

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.

Se ha descubierto un problema en los dispositivos Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856 en versiones anteriores a la R18-05 073.xxx.0487.15000. Hay una ejecución de comandos autenticada remota.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-10 CVE Reserved
2019-02-10 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf	2019-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xerox Search vendor "Xerox"	Workcentre 3655i Firmware Search vendor "Xerox" for product "Workcentre 3655i Firmware"	< 073.060.048.15000 Search vendor "Xerox" for product "Workcentre 3655i Firmware" and version " < 073.060.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 3655i Search vendor "Xerox" for product "Workcentre 3655i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 3655 Firmware Search vendor "Xerox" for product "Workcentre 3655 Firmware"	< 073.060.048.15000 Search vendor "Xerox" for product "Workcentre 3655 Firmware" and version " < 073.060.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 3655 Search vendor "Xerox" for product "Workcentre 3655"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5890i Firmware Search vendor "Xerox" for product "Workcentre 5890i Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5890i Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5890i Search vendor "Xerox" for product "Workcentre 5890i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5865i Firmware Search vendor "Xerox" for product "Workcentre 5865i Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5865i Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5865i Search vendor "Xerox" for product "Workcentre 5865i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5875i Firmware Search vendor "Xerox" for product "Workcentre 5875i Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5875i Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5875i Search vendor "Xerox" for product "Workcentre 5875i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5845 Firmware Search vendor "Xerox" for product "Workcentre 5845 Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5845 Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5845 Search vendor "Xerox" for product "Workcentre 5845"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5865 Firmware Search vendor "Xerox" for product "Workcentre 5865 Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5865 Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5865 Search vendor "Xerox" for product "Workcentre 5865"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5875 Firmware Search vendor "Xerox" for product "Workcentre 5875 Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5875 Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5875 Search vendor "Xerox" for product "Workcentre 5875"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5890 Firmware Search vendor "Xerox" for product "Workcentre 5890 Firmware"	< 073.190.048.15000 Search vendor "Xerox" for product "Workcentre 5890 Firmware" and version " < 073.190.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5890 Search vendor "Xerox" for product "Workcentre 5890"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5900 Firmware Search vendor "Xerox" for product "Workcentre 5900 Firmware"	< 073.091.048.15000 Search vendor "Xerox" for product "Workcentre 5900 Firmware" and version " < 073.091.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5900 Search vendor "Xerox" for product "Workcentre 5900"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5900i Firmware Search vendor "Xerox" for product "Workcentre 5900i Firmware"	< 073.091.048.15000 Search vendor "Xerox" for product "Workcentre 5900i Firmware" and version " < 073.091.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5900i Search vendor "Xerox" for product "Workcentre 5900i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 6655 Firmware Search vendor "Xerox" for product "Workcentre 6655 Firmware"	< 073.110.048.15000 Search vendor "Xerox" for product "Workcentre 6655 Firmware" and version " < 073.110.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 6655 Search vendor "Xerox" for product "Workcentre 6655"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 6655i Firmware Search vendor "Xerox" for product "Workcentre 6655i Firmware"	< 073.110.048.15000 Search vendor "Xerox" for product "Workcentre 6655i Firmware" and version " < 073.110.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 6655i Search vendor "Xerox" for product "Workcentre 6655i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7855 Firmware Search vendor "Xerox" for product "Workcentre 7855 Firmware"	< 073.040.048.15000 Search vendor "Xerox" for product "Workcentre 7855 Firmware" and version " < 073.040.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7855 Search vendor "Xerox" for product "Workcentre 7855"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7225 Firmware Search vendor "Xerox" for product "Workcentre 7225 Firmware"	< 073.030.048.15000 Search vendor "Xerox" for product "Workcentre 7225 Firmware" and version " < 073.030.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7225 Search vendor "Xerox" for product "Workcentre 7225"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7220 Firmware Search vendor "Xerox" for product "Workcentre 7220 Firmware"	< 073.030.048.15000 Search vendor "Xerox" for product "Workcentre 7220 Firmware" and version " < 073.030.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7220 Search vendor "Xerox" for product "Workcentre 7220"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7220i Firmware Search vendor "Xerox" for product "Workcentre 7220i Firmware"	< 073.030.048.15000 Search vendor "Xerox" for product "Workcentre 7220i Firmware" and version " < 073.030.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7220i Search vendor "Xerox" for product "Workcentre 7220i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7225i Firmware Search vendor "Xerox" for product "Workcentre 7225i Firmware"	< 073.030.048.15000 Search vendor "Xerox" for product "Workcentre 7225i Firmware" and version " < 073.030.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7225i Search vendor "Xerox" for product "Workcentre 7225i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7855i Firmware Search vendor "Xerox" for product "Workcentre 7855i Firmware"	< 073.040.048.15000 Search vendor "Xerox" for product "Workcentre 7855i Firmware" and version " < 073.040.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7855i Search vendor "Xerox" for product "Workcentre 7855i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7845i Firmware Search vendor "Xerox" for product "Workcentre 7845i Firmware"	< 073.040.048.15000 Search vendor "Xerox" for product "Workcentre 7845i Firmware" and version " < 073.040.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7845i Search vendor "Xerox" for product "Workcentre 7845i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7835i Firmware Search vendor "Xerox" for product "Workcentre 7835i Firmware"	< 073.010.048.15000 Search vendor "Xerox" for product "Workcentre 7835i Firmware" and version " < 073.010.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7835i Search vendor "Xerox" for product "Workcentre 7835i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7830i Firmware Search vendor "Xerox" for product "Workcentre 7830i Firmware"	< 073.010.048.15000 Search vendor "Xerox" for product "Workcentre 7830i Firmware" and version " < 073.010.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7830i Search vendor "Xerox" for product "Workcentre 7830i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7830 Firmware Search vendor "Xerox" for product "Workcentre 7830 Firmware"	< 073.010.048.15000 Search vendor "Xerox" for product "Workcentre 7830 Firmware" and version " < 073.010.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7830 Search vendor "Xerox" for product "Workcentre 7830"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7835 Firmware Search vendor "Xerox" for product "Workcentre 7835 Firmware"	< 073.010.048.15000 Search vendor "Xerox" for product "Workcentre 7835 Firmware" and version " < 073.010.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7835 Search vendor "Xerox" for product "Workcentre 7835"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7845 Firmware Search vendor "Xerox" for product "Workcentre 7845 Firmware"	< 073.040.048.15000 Search vendor "Xerox" for product "Workcentre 7845 Firmware" and version " < 073.040.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7845 Search vendor "Xerox" for product "Workcentre 7845"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7970 Firmware Search vendor "Xerox" for product "Workcentre 7970 Firmware"	< 073.200.048.15000 Search vendor "Xerox" for product "Workcentre 7970 Firmware" and version " < 073.200.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7970 Search vendor "Xerox" for product "Workcentre 7970"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7970i Firmware Search vendor "Xerox" for product "Workcentre 7970i Firmware"	< 073.200.048.15000 Search vendor "Xerox" for product "Workcentre 7970i Firmware" and version " < 073.200.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7970i Search vendor "Xerox" for product "Workcentre 7970i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre Ec7836 Firmware Search vendor "Xerox" for product "Workcentre Ec7836 Firmware"	< 073.050.048.15000 Search vendor "Xerox" for product "Workcentre Ec7836 Firmware" and version " < 073.050.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre Ec7836 Search vendor "Xerox" for product "Workcentre Ec7836"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre Ec7856 Firmware Search vendor "Xerox" for product "Workcentre Ec7856 Firmware"	< 073.020.048.15000 Search vendor "Xerox" for product "Workcentre Ec7856 Firmware" and version " < 073.020.048.15000"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre Ec7856 Search vendor "Xerox" for product "Workcentre Ec7856"	-	-	Safe