CVE-2020-36201

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

Se detectó un problema en determinados productos Xerox WorkCentre. No cifran apropiadamente las contraseñas. Esto afecta a los dispositivos 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-21 CVE Reserved
2021-01-21 CVE Published
2023-10-07 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf	2021-07-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xerox Search vendor "Xerox"	Workcentre 3655 Firmware Search vendor "Xerox" for product "Workcentre 3655 Firmware"	< 075.060.000.12010 Search vendor "Xerox" for product "Workcentre 3655 Firmware" and version " < 075.060.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 3655 Search vendor "Xerox" for product "Workcentre 3655"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 3655i Firmware Search vendor "Xerox" for product "Workcentre 3655i Firmware"	< 075.060.000.12010 Search vendor "Xerox" for product "Workcentre 3655i Firmware" and version " < 075.060.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 3655i Search vendor "Xerox" for product "Workcentre 3655i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5865 Firmware Search vendor "Xerox" for product "Workcentre 5865 Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5865 Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5865 Search vendor "Xerox" for product "Workcentre 5865"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5875 Firmware Search vendor "Xerox" for product "Workcentre 5875 Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5875 Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5875 Search vendor "Xerox" for product "Workcentre 5875"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5890 Firmware Search vendor "Xerox" for product "Workcentre 5890 Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5890 Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5890 Search vendor "Xerox" for product "Workcentre 5890"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5865i Firmware Search vendor "Xerox" for product "Workcentre 5865i Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5865i Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5865i Search vendor "Xerox" for product "Workcentre 5865i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5875i Firmware Search vendor "Xerox" for product "Workcentre 5875i Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5875i Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5875i Search vendor "Xerox" for product "Workcentre 5875i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5945 Firmware Search vendor "Xerox" for product "Workcentre 5945 Firmware"	< 075.091.010.12010 Search vendor "Xerox" for product "Workcentre 5945 Firmware" and version " < 075.091.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5945 Search vendor "Xerox" for product "Workcentre 5945"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5955 Firmware Search vendor "Xerox" for product "Workcentre 5955 Firmware"	< 075.091.010.12010 Search vendor "Xerox" for product "Workcentre 5955 Firmware" and version " < 075.091.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5955 Search vendor "Xerox" for product "Workcentre 5955"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5945i Firmware Search vendor "Xerox" for product "Workcentre 5945i Firmware"	< 075.091.010.12010 Search vendor "Xerox" for product "Workcentre 5945i Firmware" and version " < 075.091.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5945i Search vendor "Xerox" for product "Workcentre 5945i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5955i Firmware Search vendor "Xerox" for product "Workcentre 5955i Firmware"	< 075.091.010.12010 Search vendor "Xerox" for product "Workcentre 5955i Firmware" and version " < 075.091.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5955i Search vendor "Xerox" for product "Workcentre 5955i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 6655 Firmware Search vendor "Xerox" for product "Workcentre 6655 Firmware"	< 075.110.010.12010 Search vendor "Xerox" for product "Workcentre 6655 Firmware" and version " < 075.110.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 6655 Search vendor "Xerox" for product "Workcentre 6655"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 6655i Firmware Search vendor "Xerox" for product "Workcentre 6655i Firmware"	< 075.110.010.12010 Search vendor "Xerox" for product "Workcentre 6655i Firmware" and version " < 075.110.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 6655i Search vendor "Xerox" for product "Workcentre 6655i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7220 Firmware Search vendor "Xerox" for product "Workcentre 7220 Firmware"	< 075.030.000.12010 Search vendor "Xerox" for product "Workcentre 7220 Firmware" and version " < 075.030.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7220 Search vendor "Xerox" for product "Workcentre 7220"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7225 Firmware Search vendor "Xerox" for product "Workcentre 7225 Firmware"	< 075.030.000.12010 Search vendor "Xerox" for product "Workcentre 7225 Firmware" and version " < 075.030.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7225 Search vendor "Xerox" for product "Workcentre 7225"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7220i Firmware Search vendor "Xerox" for product "Workcentre 7220i Firmware"	< 075.030.000.12010 Search vendor "Xerox" for product "Workcentre 7220i Firmware" and version " < 075.030.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7220i Search vendor "Xerox" for product "Workcentre 7220i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7225i Firmware Search vendor "Xerox" for product "Workcentre 7225i Firmware"	< 075.030.000.12010 Search vendor "Xerox" for product "Workcentre 7225i Firmware" and version " < 075.030.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7225i Search vendor "Xerox" for product "Workcentre 7225i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7830i Firmware Search vendor "Xerox" for product "Workcentre 7830i Firmware"	< 075.010.000.12010 Search vendor "Xerox" for product "Workcentre 7830i Firmware" and version " < 075.010.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7830i Search vendor "Xerox" for product "Workcentre 7830i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7835i Firmware Search vendor "Xerox" for product "Workcentre 7835i Firmware"	< 075.010.000.12010 Search vendor "Xerox" for product "Workcentre 7835i Firmware" and version " < 075.010.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7835i Search vendor "Xerox" for product "Workcentre 7835i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7845i Firmware Search vendor "Xerox" for product "Workcentre 7845i Firmware"	< 075.040.000.12010 Search vendor "Xerox" for product "Workcentre 7845i Firmware" and version " < 075.040.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7845i Search vendor "Xerox" for product "Workcentre 7845i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7855i Firmware Search vendor "Xerox" for product "Workcentre 7855i Firmware"	< 075.040.000.12010 Search vendor "Xerox" for product "Workcentre 7855i Firmware" and version " < 075.040.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7855i Search vendor "Xerox" for product "Workcentre 7855i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7830 Firmware Search vendor "Xerox" for product "Workcentre 7830 Firmware"	< 075.010.000.12010 Search vendor "Xerox" for product "Workcentre 7830 Firmware" and version " < 075.010.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7830 Search vendor "Xerox" for product "Workcentre 7830"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7835 Firmware Search vendor "Xerox" for product "Workcentre 7835 Firmware"	< 075.010.000.12010 Search vendor "Xerox" for product "Workcentre 7835 Firmware" and version " < 075.010.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7835 Search vendor "Xerox" for product "Workcentre 7835"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7845 Firmware Search vendor "Xerox" for product "Workcentre 7845 Firmware"	< 075.040.000.12010 Search vendor "Xerox" for product "Workcentre 7845 Firmware" and version " < 075.040.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7845 Search vendor "Xerox" for product "Workcentre 7845"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7855 Firmware Search vendor "Xerox" for product "Workcentre 7855 Firmware"	< 075.040.000.12010 Search vendor "Xerox" for product "Workcentre 7855 Firmware" and version " < 075.040.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7855 Search vendor "Xerox" for product "Workcentre 7855"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7970 Firmware Search vendor "Xerox" for product "Workcentre 7970 Firmware"	< 075.200.000.12010 Search vendor "Xerox" for product "Workcentre 7970 Firmware" and version " < 075.200.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7970 Search vendor "Xerox" for product "Workcentre 7970"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 7970i Firmware Search vendor "Xerox" for product "Workcentre 7970i Firmware"	< 075.200.000.12010 Search vendor "Xerox" for product "Workcentre 7970i Firmware" and version " < 075.200.000.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 7970i Search vendor "Xerox" for product "Workcentre 7970i"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre Ec7836 Firmware Search vendor "Xerox" for product "Workcentre Ec7836 Firmware"	< 075.050.010.12010 Search vendor "Xerox" for product "Workcentre Ec7836 Firmware" and version " < 075.050.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre Ec7836 Search vendor "Xerox" for product "Workcentre Ec7836"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre Ec7856 Firmware Search vendor "Xerox" for product "Workcentre Ec7856 Firmware"	< 075.020.010.12010 Search vendor "Xerox" for product "Workcentre Ec7856 Firmware" and version " < 075.020.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre Ec7856 Search vendor "Xerox" for product "Workcentre Ec7856"	-	-	Safe
Xerox Search vendor "Xerox"	Workcentre 5890i Firmware Search vendor "Xerox" for product "Workcentre 5890i Firmware"	< 075.190.010.12010 Search vendor "Xerox" for product "Workcentre 5890i Firmware" and version " < 075.190.010.12010"	-	Affected	in	Xerox Search vendor "Xerox"	Workcentre 5890i Search vendor "Xerox" for product "Workcentre 5890i"	-	-	Safe