CVE-2022-23968
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
Xerox VersaLink devices through 2022-01-24 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions are xx.42.01 and xx.50.61.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-01-26 CVE Reserved
- 2022-01-26 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://twitter.com/mqudsi/status/1485756915187695618 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B400 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B405 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B600 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B610 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B7025 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B7030 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink B7035 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C400 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C405 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C500 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C505 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C600 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C605 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C7000 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C7020 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C7025 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C7030 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C8000 | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C8000w | - | - | Safe |
Xerox | Versalink Firmware | <= 42.01 | - | Affected | in | Xerox | Versalink C9000 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B400 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B405 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B600 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B610 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B7025 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B7030 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink B7035 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C400 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C405 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C500 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C505 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C600 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C605 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C7000 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C7020 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C7025 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C7030 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C8000 | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C8000w | - | - | Safe |
Xerox | Versalink Firmware | >= 50.00 <= 50.61 | - | Affected | in | Xerox | Versalink C9000 | - | - | Safe |