CVE-2019-13170
 
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
Algunas impresoras Xerox (tal y como la Phaser 3320 versión V53.006.16.000), no implementaron ningún mecanismo para evitar ataques de tipo CSRF. Una explotación con éxito de esta vulnerabilidad puede conllevar a la toma de control de una cuenta local en el dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-07-02 CVE Reserved
- 2020-03-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.business.xerox.com | 2020-03-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xerox Search vendor "Xerox" | Phaser 3320 Firmware Search vendor "Xerox" for product "Phaser 3320 Firmware" | v53.006.16.000 Search vendor "Xerox" for product "Phaser 3320 Firmware" and version "v53.006.16.000" | - |
Affected
| in | Xerox Search vendor "Xerox" | Phaser 3320 Search vendor "Xerox" for product "Phaser 3320" | - | - |
Safe
|