ID CVE-2018-20769
Summary An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:h:xerox:workcentre_3655i
    cpe:2.3:h:xerox:workcentre_3655i
  • cpe:2.3:h:xerox:workcentre_3655
    cpe:2.3:h:xerox:workcentre_3655
  • cpe:2.3:h:xerox:workcentre_5890i
    cpe:2.3:h:xerox:workcentre_5890i
  • cpe:2.3:h:xerox:workcentre_5865i
    cpe:2.3:h:xerox:workcentre_5865i
  • cpe:2.3:h:xerox:workcentre_5875i
    cpe:2.3:h:xerox:workcentre_5875i
  • cpe:2.3:h:xerox:workcentre_5845
    cpe:2.3:h:xerox:workcentre_5845
  • cpe:2.3:h:xerox:workcentre_5865
    cpe:2.3:h:xerox:workcentre_5865
  • cpe:2.3:h:xerox:workcentre_5875
    cpe:2.3:h:xerox:workcentre_5875
  • cpe:2.3:h:xerox:workcentre_5890
    cpe:2.3:h:xerox:workcentre_5890
  • cpe:2.3:h:xerox:workcentre_5900
    cpe:2.3:h:xerox:workcentre_5900
  • cpe:2.3:h:xerox:workcentre_5900i
    cpe:2.3:h:xerox:workcentre_5900i
  • cpe:2.3:h:xerox:workcentre_6655
    cpe:2.3:h:xerox:workcentre_6655
  • cpe:2.3:h:xerox:workcentre_6655i
    cpe:2.3:h:xerox:workcentre_6655i
  • cpe:2.3:h:xerox:workcentre_7855
    cpe:2.3:h:xerox:workcentre_7855
  • Xerox WorkCentre 7225
    cpe:2.3:h:xerox:workcentre_7225
  • cpe:2.3:h:xerox:workcentre_7220
    cpe:2.3:h:xerox:workcentre_7220
  • cpe:2.3:h:xerox:workcentre_7220i
    cpe:2.3:h:xerox:workcentre_7220i
  • cpe:2.3:h:xerox:workcentre_7225i
    cpe:2.3:h:xerox:workcentre_7225i
  • cpe:2.3:h:xerox:workcentre_7855i
    cpe:2.3:h:xerox:workcentre_7855i
  • cpe:2.3:h:xerox:workcentre_7845i
    cpe:2.3:h:xerox:workcentre_7845i
  • cpe:2.3:h:xerox:workcentre_7835i
    cpe:2.3:h:xerox:workcentre_7835i
  • cpe:2.3:h:xerox:workcentre_7830i
    cpe:2.3:h:xerox:workcentre_7830i
  • cpe:2.3:h:xerox:workcentre_7830
    cpe:2.3:h:xerox:workcentre_7830
  • cpe:2.3:h:xerox:workcentre_7835
    cpe:2.3:h:xerox:workcentre_7835
  • cpe:2.3:h:xerox:workcentre_7845
    cpe:2.3:h:xerox:workcentre_7845
  • cpe:2.3:h:xerox:workcentre_7970
    cpe:2.3:h:xerox:workcentre_7970
  • cpe:2.3:h:xerox:workcentre_7970i
    cpe:2.3:h:xerox:workcentre_7970i
  • cpe:2.3:h:xerox:workcentre_ec7836
    cpe:2.3:h:xerox:workcentre_ec7836
  • cpe:2.3:h:xerox:workcentre_ec7856
    cpe:2.3:h:xerox:workcentre_ec7856
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
refmap via4
confirm https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf
Last major update 10-02-2019 - 12:29
Published 10-02-2019 - 12:29
Last modified 13-02-2019 - 09:12
Back to Top