// For flags

CVE-2019-19832

Xerox AltaLink C8035 Printer Cross Site Request Forgery

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)

Las impresoras Xerox AltaLink C8035, permiten un ataque de tipo CSRF. Una petición para agregar usuarios es realizada en el campo de formulario Device User Database en el URI xerox.set. (El valor de frmUserName debe tener un nombre único).

The Xerox AltaLink C8035 Printer suffers from a cross site request forgery vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-17 CVE Reserved
  • 2019-12-17 CVE Published
  • 2024-05-15 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xerox
Search vendor "Xerox"
 Altalink C8035 Firmware
Search vendor "Xerox" for product "Altalink C8035 Firmware"
--
Affected
in Xerox
Search vendor "Xerox"
 Altalink C8035
Search vendor "Xerox" for product "Altalink C8035"
--
Safe